Skip to content
  • Emanuele Aina's avatar
    docker-compose: Explicitly set the runtime user id · e288067e
    Emanuele Aina authored and Luis Araujo's avatar Luis Araujo committed
    
    
    The current containers are run with some unfortunate defaults:
    * the posgres one switches to user 999:999
    * the apertis-qa-report runs as root:root (the real one, as userns
      are not used by Docker by default)
    
    This raises important security concerns and is cumbersome to manage.
    
    To avoid that, explicitly set the numeric uid:gid when instantiating
    both containers, so they get run by non-root and file permissions are
    consistent both inside and outside of the container.
    
    Using the `RUN_USER` environment variable a custom user can be selected.
    Use numeric uid/gid to avoid errors due to the user not existing in
    the container.
    
    Signed-off-by: Emanuele Aina's avatarEmanuele Aina <emanuele.aina@collabora.com>
    e288067e