Browse Source

Don't run service as root

master
Chris Kankiewicz 8 years ago
parent
commit
9e311b4dcb
  1. 9
      Dockerfile
  2. 4
      files/config.ini

9
Dockerfile

@ -7,6 +7,9 @@ ENV MUMBLE_VERSION 1.2.17
# Create Mumble directories # Create Mumble directories
RUN mkdir -pv /opt/mumble /etc/mumble RUN mkdir -pv /opt/mumble /etc/mumble
# Create non-root user
RUN adduser -DHs /sbin/nologin mumble
# Copy config file # Copy config file
COPY files/config.ini /etc/mumble/config.ini COPY files/config.ini /etc/mumble/config.ini
@ -22,9 +25,15 @@ RUN apk add --update ca-certificates bzip2 tar tzdata wget \
&& wget -qO- ${BZIP_URL} | tar -xjv --strip-components=1 -C /opt/mumble \ && wget -qO- ${BZIP_URL} | tar -xjv --strip-components=1 -C /opt/mumble \
&& apk del ca-certificates bzip2 tar wget && rm -rf /var/cache/apk/* && apk del ca-certificates bzip2 tar wget && rm -rf /var/cache/apk/*
# Chown files
RUN chown -Rv mumble:mumble /etc/mumble /opt/mumble
# Expose ports # Expose ports
EXPOSE 64738 64738/udp EXPOSE 64738 64738/udp
# Set running user
USER mumble
# Set volumes # Set volumes
VOLUME /etc/mumble VOLUME /etc/mumble

4
files/config.ini

@ -4,3 +4,7 @@
# Path to database. If blank, will search for # Path to database. If blank, will search for
# murmur.sqlite in default locations or create it if not found. # murmur.sqlite in default locations or create it if not found.
database=/etc/mumble/murmur.sqlite database=/etc/mumble/murmur.sqlite
# If Murmur is started as root, which user should it switch to?
# This option is ignored if Murmur isn't started with root privileges.
uname=mumble
Loading…
Cancel
Save