Merge pull request #124 from andyzhangx/nonroot

andyzhangx · web-flow · commit 341d13370468 · 2020-09-30T12:35:01.000+08:00
fix: create nonroot user in Dockerfile
diff --git a/.github/workflows/darwin.yaml b/.github/workflows/darwin.yaml
@@ -1,4 +1,4 @@
-name: MacOS Unit Tests
+name: MacOS Build & Unit Test
 on:
   push:
     branches: [ master ]
diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml
@@ -1,4 +1,4 @@
-name: Linux Unit tests
+name: Ubuntu Test
 on:
   push:
     branches: [ master ]
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
@@ -1,4 +1,4 @@
-name: Windows Unit Tests
+name: Windows Build & Unit Test
 on:
   push:
     branches: [ master ]
diff --git a/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml b/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml
@@ -90,6 +90,8 @@ spec:
           env:
             - name: CSI_ENDPOINT
               value: unix:///csi/csi.sock
+          securityContext:
+            runAsUser: 0
           volumeMounts:
             - mountPath: /csi
               name: socket-dir
diff --git a/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml b/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml
@@ -100,6 +100,7 @@ spec:
                   fieldPath: spec.nodeName
           securityContext:
             privileged: true
+            runAsUser: 0
           volumeMounts:
             - mountPath: /csi
               name: socket-dir
diff --git a/deploy/csi-smb-controller.yaml b/deploy/csi-smb-controller.yaml
@@ -86,6 +86,8 @@ spec:
           env:
             - name: CSI_ENDPOINT
               value: unix:///csi/csi.sock
+          securityContext:
+            runAsUser: 0
           volumeMounts:
             - mountPath: /csi
               name: socket-dir
diff --git a/deploy/csi-smb-node.yaml b/deploy/csi-smb-node.yaml
@@ -96,6 +96,7 @@ spec:
                   fieldPath: spec.nodeName
           securityContext:
             privileged: true
+            runAsUser: 0
           volumeMounts:
             - mountPath: /csi
               name: socket-dir
diff --git a/pkg/smbplugin/Dockerfile b/pkg/smbplugin/Dockerfile
@@ -25,5 +25,9 @@ RUN clean-install ca-certificates cifs-utils util-linux e2fsprogs mount udev xfs
 LABEL maintainers="andyzhangx"
 LABEL description="SMB CSI Driver"
 
+# Create a nonroot user
+RUN useradd -u 10001 nonroot
+USER nonroot
+
 COPY ./_output/smbplugin /smbplugin
 ENTRYPOINT ["/smbplugin"]
diff --git a/pkg/smbplugin/dev.Dockerfile b/pkg/smbplugin/dev.Dockerfile
@@ -17,5 +17,9 @@ RUN apt-get update && apt-get install -y ca-certificates cifs-utils util-linux e
 LABEL maintainers="andyzhangx"
 LABEL description="SMB CSI Driver"
 
+# Create a nonroot user
+RUN useradd -u 10001 nonroot
+USER nonroot
+
 COPY ./_output/smbplugin /smbplugin
 ENTRYPOINT ["/smbplugin"]

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-name: MacOS Unit Tests`
	`1`	`+name: MacOS Build & Unit Test`
`2`	`2`	`on:`
`3`	`3`	`push:`
`4`	`4`	`branches: [ master ]`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-name: Linux Unit tests`
	`1`	`+name: Ubuntu Test`
`2`	`2`	`on:`
`3`	`3`	`push:`
`4`	`4`	`branches: [ master ]`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-name: Windows Unit Tests`
	`1`	`+name: Windows Build & Unit Test`
`2`	`2`	`on:`
`3`	`3`	`push:`
`4`	`4`	`branches: [ master ]`