From 145ddcf4ba40d0f20b4a3eb1e81fd09212700c1c Mon Sep 17 00:00:00 2001
From: Paul Eggleton <paul.eggleton@linux.intel.com>
Date: Thu, 9 May 2019 17:21:35 +1200
Subject: [PATCH] docker: ensure application files are owned by root

We really don't want the layers user to be able to write to the
application code / settings in /opt/workdir or /opt/bin within the
layersapp container - only selected directories under /opt. It appears
that we only need to set the ownership on /opt/workdir for now.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 43960e4..290a2bd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -60,7 +60,7 @@ COPY docker/migrate.sh /opt/migrate.sh
 
 RUN mkdir /opt/workdir \
 	&& adduser --system --uid=500 layers \
-	&& chown -R layers /opt
+	&& chown -R layers /opt/workdir
 USER layers
 
 # Always copy in .gitconfig and proxy helper script (they need editing to be active)