[docker] security fix of sudo/chown/user issue #1638 (#1639)

iocron · Lagoja · web-flow · commit 8d7912a42d9f · 2023-11-29T13:41:29.000-05:00
## Summary Potential fix of mentioned security issue: #1638 ## How was it tested? devbox generate dockerfile docker build -t devbox-test . docker run -it devbox-test --------- Co-authored-by: John Lago <750845+Lagoja@users.noreply.github.com>
diff --git a/internal/impl/generate/tmpl/devcontainerDockerfile.tmpl b/internal/impl/generate/tmpl/devcontainerDockerfile.tmpl
@@ -4,11 +4,15 @@
 
 # Installing your devbox project
 WORKDIR /code
+{{- if not .RootUser }}
+USER ${DEVBOX_USER}:${DEVBOX_USER}
+COPY --chown=${DEVBOX_USER}:${DEVBOX_USER} devbox.json devbox.json
+COPY --chown=${DEVBOX_USER}:${DEVBOX_USER} devbox.lock devbox.lock
+{{- else}}
 COPY devbox.json devbox.json
 COPY devbox.lock devbox.lock
-{{- if not .RootUser }}
-RUN sudo chown -R "${DEVBOX_USER}:${DEVBOX_USER}" /code
 {{- end}}
+
 {{if len .LocalFlakeDirs}}
 # Step 6: Copying local flakes directories
 {{- end}}
