Code Review / releng-anteater.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 7f69464) | patch
Run Anteater under Docker as Non-Root User 25/36325/2
authorTrevor Bramwell <tbramwell@linuxfoundation.org>
Wed, 21 Jun 2017 18:26:43 +0000 (11:26 -0700)
committerTrevor Bramwell <tbramwell@linuxfoundation.org>
Thu, 22 Jun 2017 16:32:43 +0000 (09:32 -0700)
commit83557fd9970eb89129a5ee93e4ce36c9dff51bf6
treec7116b0282a4b1e8d9d73dfee99c94637ff6c8d4tree | snapshot
parent7f69464d9e184b69e5d6fb70517e48f43d4c56c0commit | diff
Run Anteater under Docker as Non-Root User

Instead of violating the priciple of least privilage, anteater should
be ran by a non-root user.

Anteater doesn't need access to anything owned by root to perform
security scanning, and running as a non-root user should prevent it from
creating file owned by root in the future.

JIRA: RELENG-238

Change-Id: I7b75255ff460444763acbcc5d7752e1223860a2b
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
docker/Dockerfile diff | blob | history