Commit 8d7912a

iocron and Lagoja authored
[docker] security fix of sudo/chown/user issue #1638 (#1639)
## Summary
Potential fix of mentioned security issue: #1638

## How was it tested?
devbox generate dockerfile
docker build -t devbox-test .
docker run -it devbox-test

---------

Co-authored-by: John Lago <[email protected]>
1 parent fd04fe0 commit 8d7912a

1 file changed

+6
-2
lines changed


internal/impl/generate/tmpl/devcontainerDockerfile.tmpl

Lines changed: 6 additions & 2 deletions
@@ -4,11 +4,15 @@
44

55
# Installing your devbox project
66
WORKDIR /code
7+
{{- if not .RootUser }}
8+
USER ${DEVBOX_USER}:${DEVBOX_USER}
9+
COPY --chown=${DEVBOX_USER}:${DEVBOX_USER} devbox.json devbox.json
10+
COPY --chown=${DEVBOX_USER}:${DEVBOX_USER} devbox.lock devbox.lock
11+
{{- else}}
712
COPY devbox.json devbox.json
813
COPY devbox.lock devbox.lock
9-
{{- if not .RootUser }}
10-
RUN sudo chown -R "${DEVBOX_USER}:${DEVBOX_USER}" /code
1114
{{- end}}
15+
1216
{{if len .LocalFlakeDirs}}
1317
# Step 6: Copying local flakes directories
1418
{{- end}}
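
Review bot: In the non-root branch, ownership is now set only on devbox.json and devbox.lock through `COPY --chown`, whereas the removed `RUN sudo chown -R "${DEVBOX_USER}:${DEVBOX_USER}" /code` also covered the /code directory itself. `WORKDIR /code` comes before the new `USER ${DEVBOX_USER}:${DEVBOX_USER}` line and this hunk does not show who owns /code at that point, so please confirm the directory is still writable by DEVBOX_USER for later steps that create files under it, or set its owner explicitly without going back to sudo. Dropping the build-time sudo call is the right direction. A short template comment saying why USER is set before the COPY lines would help future readers, and the test steps in the commit message should be run for both the RootUser and the non-root output of the template.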
