Commit 1b5b51b0 authored by nimrod

Limited user.

Use capabilities to bind to lower number port. Also, remove the expose
directive, it's already in the original image.
parent 5b20a450
Pipeline #820 passed
......@@ -4,11 +4,14 @@ FROM registry.hub.docker.com/cznic/knot:latest
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
gettext-base \
libcap2-bin \
&& \
setcap CAP_NET_BIND_SERVICE=+ep /sbin/knotd && \
chmod 777 /storage /rundir && \
rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
COPY --chown=root:root entrypoint /usr/local/bin/
COPY --chown=root:root knot.conf /etc/knot/
EXPOSE 53/tcp 53/udp
ENTRYPOINT ["entrypoint"]
CMD ["knotd", "-vc", "/etc/knot/knot.conf"]
USER nobody
HEALTHCHECK CMD knotc status
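Review bot: `chmod 777 /storage /rundir` in the RUN step makes both directories writable by every account in the container, which is wider than the `USER nobody` switch at the end of the file requires. Giving ownership to the runtime account and keeping the mode tight, for example `chown nobody /storage /rundir && chmod 700 /storage /rundir`, would achieve the same result without world-writable state directories. Separately, the `setcap CAP_NET_BIND_SERVICE=+ep /sbin/knotd` grant only takes effect if the container keeps NET_BIND_SERVICE in its bounding set and is not started with no-new-privileges, so that runtime requirement deserves a comment next to the `setcap` line or in the deployment docs.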