Use unprivileged user in Linux container (#27)

Author: formulahendry

Test/Test.cs

@@ -55,7 +55,7 @@ public void TestArchitecture(string lang, bool skipRestore)
         {
             var repository = "test.azurecr.io/test";
             var scaffoldName = BeforeEach(lang, repository, skipRestore);
-            var filesToCheck = new List<string> { ".gitignore", "module.json", "Dockerfile", "Dockerfile.amd64.debug", "Dockerfile.arm32v7" };
+            var filesToCheck = new List<string> { ".gitignore", "module.json", "Dockerfile.amd64", "Dockerfile.windows-amd64", "Dockerfile.amd64.debug", "Dockerfile.arm32v7" };
 
             if (skipRestore)
             {

content/dotnet-template-azure-iot-edge-module/CSharp/Dockerfile.amd64

@@ -0,0 +1,17 @@
+FROM microsoft/dotnet:2.0-sdk AS build-env
+WORKDIR /app
+
+COPY *.csproj ./
+RUN dotnet restore
+
+COPY . ./
+RUN dotnet publish -c Release -o out
+
+FROM microsoft/dotnet:2.0-runtime
+WORKDIR /app
+COPY --from=build-env /app/out ./
+
+RUN useradd -ms /bin/bash moduleuser
+USER moduleuser
+
+ENTRYPOINT ["dotnet", "SampleModule.dll"]

content/dotnet-template-azure-iot-edge-module/CSharp/Dockerfile.amd64.debug

@@ -2,9 +2,12 @@ FROM microsoft/dotnet:2.0-runtime-stretch AS base
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends unzip procps && \
-    curl -sSL https://aka.ms/getvsdbgsh | bash /dev/stdin -v latest -l ~/vsdbg && \
     rm -rf /var/lib/apt/lists/*
 
+RUN useradd -ms /bin/bash moduleuser
+USER moduleuser
+RUN curl -sSL https://aka.ms/getvsdbgsh | bash /dev/stdin -v latest -l ~/vsdbg
+
 FROM microsoft/dotnet:2.0-sdk AS build-env
 WORKDIR /app
 

content/dotnet-template-azure-iot-edge-module/CSharp/Dockerfile renamed to content/dotnet-template-azure-iot-edge-module/CSharp/Dockerfile.windows-amd64

@@ -6,10 +6,10 @@
         "tag": {
             "version": "0.0.1",
             "platforms": {
-                "amd64": "./Dockerfile", 
+                "amd64": "./Dockerfile.amd64", 
                 "amd64.debug": "./Dockerfile.amd64.debug",
                 "arm32v7": "./Dockerfile.arm32v7",
-                "windows-amd64": "./Dockerfile"
+                "windows-amd64": "./Dockerfile.windows-amd64"
             }
         },
         "buildOptions": []

content/dotnet-template-azure-iot-edge-module/CSharp/module.json

@@ -0,0 +1,17 @@
+FROM microsoft/dotnet:2.0-sdk AS build-env
+WORKDIR /app
+
+COPY *.fsproj ./
+RUN dotnet restore
+
+COPY . ./
+RUN dotnet publish -c Release -o out
+
+FROM microsoft/dotnet:2.0-runtime
+WORKDIR /app
+COPY --from=build-env /app/out ./
+
+RUN useradd -ms /bin/bash moduleuser
+USER moduleuser
+
+ENTRYPOINT ["dotnet", "SampleModule.dll"]

content/dotnet-template-azure-iot-edge-module/FSharp/Dockerfile.amd64

@@ -2,9 +2,12 @@ FROM microsoft/dotnet:2.0-runtime-stretch AS base
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends unzip procps && \
-    curl -sSL https://aka.ms/getvsdbgsh | bash /dev/stdin -v latest -l ~/vsdbg && \
     rm -rf /var/lib/apt/lists/*
 
+RUN useradd -ms /bin/bash moduleuser
+USER moduleuser
+RUN curl -sSL https://aka.ms/getvsdbgsh | bash /dev/stdin -v latest -l ~/vsdbg
+
 FROM microsoft/dotnet:2.0-sdk AS build-env
 WORKDIR /app
 

content/dotnet-template-azure-iot-edge-module/FSharp/Dockerfile.amd64.debug

@@ -6,10 +6,10 @@
         "tag": {
             "version": "0.0.1",
             "platforms": {
-                "amd64": "./Dockerfile", 
+                "amd64": "./Dockerfile.amd64", 
                 "amd64.debug": "./Dockerfile.amd64.debug",
                 "arm32v7": "./Dockerfile.arm32v7",
-                "windows-amd64": "./Dockerfile"
+                "windows-amd64": "./Dockerfile.windows-amd64"
             }
         },
         "buildOptions": []