Update node-armhf template to use non-root user

This updates the node-armhf function template to use a non-root user. Creates `app` system user and `app` group Signed-off-by: Ivana Yovcheva (VMware) <iyovcheva@vmware.com>
openfaas · Feb 5, 2020 · 94e53f4 · 94e53f4
1 parent aa857f0
commit 94e53f4
Showing 1 changed file with 19 additions and 3 deletions.
diff --git a/template/node-armhf/Dockerfile b/template/node-armhf/Dockerfile
@@ -5,20 +5,36 @@ FROM node:12.13.0-alpine as ship
 COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
 RUN chmod +x /usr/bin/fwatchdog
 
+RUN addgroup -S app && adduser app -S -G app
+
 RUN apk add --no-cache nodejs nodejs-npm ca-certificates
 
-WORKDIR /root/
+RUN mkdir -p /home/app
+
+# Wrapper/boot-strapper
+WORKDIR /home/app
 
 COPY package.json   .
 
 RUN npm i
+
+WORKDIR /home/app/function
+
 COPY index.js       .
 COPY function       function
-WORKDIR /root/function
 
 ENV NPM_CONFIG_LOGLEVEL warn
 RUN npm i || :
-WORKDIR /root/
+
+COPY --chown=app:app function/ .
+
+WORKDIR /home/app/
+
+RUN chmod +rx -R ./function \
+    && chown app:app -R /home/app \
+    && chmod 777 /tmp
+
+USER app
 
 ENV cgi_headers="true"