fix(dockerfile-linux): revoke the satosa user's ability to modify the entrypoint script

niheconomoum · niheconomoum · commit b6f0c39dce11 · 2022-07-17T10:40:51.000-04:00
Guarantee the entrypoint script gets the correct permissions by
explicitly setting them at image build time.  Note that the COPY
command's `--chmod` flag requires BuildKit, which may not work in all
environments.
diff --git a/Dockerfile-linux.template b/Dockerfile-linux.template
@@ -124,7 +124,8 @@ RUN set -eux; \
 VOLUME /etc/satosa
 WORKDIR /etc/satosa
 
-COPY --chown=satosa:satosa docker-entrypoint.sh /usr/local/bin/
+COPY docker-entrypoint.sh /usr/local/bin/
+RUN chmod 0755 /usr/local/bin/docker-entrypoint.sh
 ENTRYPOINT ["docker-entrypoint.sh"]
 
 EXPOSE 8080
