From 3e2be03c0649d150d8babf9a594695f6035297b7 Mon Sep 17 00:00:00 2001
From: Jingyuan Liang
Date: Mon, 27 Feb 2023 23:57:31 +0000
Subject: [PATCH] Fix go-build-template update: iptables can't run as nobody
---
 .gitignore | 2 +-
 Dockerfile.in | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index a6a061e..1473acd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,7 @@
 /.push-*
 /.container-*
 /.dockerfile-*
-/.licenses
+/.licenses*
 /.buildx-initialized
 # Emacs save files
diff --git a/Dockerfile.in b/Dockerfile.in
index c66e884..b101cbd 100644
--- a/Dockerfile.in
+++ b/Dockerfile.in
@@ -32,8 +32,8 @@ ARG HASH_BINARY=0
 # Add the platform-specific binary.
 COPY bin/{ARG_OS}_{ARG_ARCH}/{ARG_BIN} /{ARG_BIN}
-# This would be nicer as `nobody:nobody` but distroless has no such entries.
-USER 65535:65535
+# This container has to run as root for iptables. Be explicit here.
+USER 0:0
 ENV HOME /
 ENTRYPOINT ["/{ARG_BIN}"]
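Review bot: The new `USER 0:0` line in Dockerfile.in gives the binary full root inside the container, and the comment above it does not say which privileges iptables actually needs, so nothing tells whoever deploys the image that the capability set should be narrowed. iptables normally needs CAP_NET_ADMIN, and possibly CAP_NET_RAW, so I would extend the comment to something like `# Runs as root because iptables needs CAP_NET_ADMIN (and possibly CAP_NET_RAW); deployments should drop all other capabilities.` The deployment manifests are not part of this patch, so whether they already drop capabilities cannot be confirmed from here. If they do not, root with the runtime's default capability set is considerably more than this workload appears to need.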