Mirrors/dokku
1
0
Fork 0
mirror of https://github.com/dokku/dokku.git synced 2025-12-29 00:25:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: set permissions correctly on all files in the builder-release process

Browse Source 
Due to the execution of profile files when running /exec, it was possible to get into a state where files owned by root would exist in a built herokuish image.

We now instead chown the files directly, which ensures profile files only get executed at runtime.

Closes gliderlabs/herokuish#1212
Refs dokku/dokku#6851
This commit is contained in:
Jose Diaz-Gonzalez
2024-06-22 14:35:34 -04:00
parent 0cc3901a9a
commit 7aae7c3788
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/builder-herokuish/dockerfiles/builder-release.Dockerfile
View File

@@ -3,6 +3,6 @@ FROM $APP_IMAGE
ARG DOKKU_APP_USER herokuishuser
COPY --chown=$DOKKU_APP_USER 00-global-env.sh 01-app-env.sh /app/.profile.d/
RUN TRACE=$TRACE USER=$DOKKU_APP_USER HEROKUISH_DISABLE_CHOWN=false /exec true
RUN find "/app" \( \! -user "$DOKKU_APP_USER" -o \! -group "$DOKKU_APP_USER" \) -print0 | xargs -0 -r chown "$DOKKU_APP_USER:$DOKKU_APP_USER"
USER $DOKKU_APP_USER
ENV HEROKUISH_SETUIDGUID false