- statsd_exporter

lfrancke · lfrancke · commit 502b864a5dff · 2024-10-15T09:12:26.000+02:00
- superset
diff --git a/stackable-base/Dockerfile b/stackable-base/Dockerfile
@@ -148,7 +148,7 @@ chown ${STACKABLE_USER_UID}:0 /stackable/.bashrc
 chown ${STACKABLE_USER_UID}:0 /stackable/.profile
 
 cp /root/.curlrc /stackable/.curlrc
-chown stackable:0 /stackable/.curlrc
+chown ${STACKABLE_USER_UID}:0 /stackable/.curlrc
 
 # CVE-2023-37920: Remove "e-Tugra" root certificates
 # e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems
diff --git a/statsd_exporter/Dockerfile b/statsd_exporter/Dockerfile
@@ -3,10 +3,11 @@
 
 FROM stackable/image/stackable-base
 ARG PRODUCT
+ARG STACKABLE_USER_UID
 
 WORKDIR /statsd_exporter
 
-RUN --mount=type=cache,id=go-statsd-exporter,uid=1000,target=/go_cache <<EOF
+RUN --mount=type=cache,id=go-statsd-exporter,uid=${STACKABLE_USER_UID},target=/go_cache <<EOF
 microdnf update
 
 # Tar and gzip are used to unpack the statsd_exporter source
diff --git a/superset/Dockerfile b/superset/Dockerfile
@@ -91,6 +91,7 @@ FROM stackable/image/vector
 ARG PRODUCT
 ARG PYTHON
 ARG RELEASE
+ARG STACKABLE_USER_UID
 
 LABEL name="Apache Superset" \
       maintainer="info@stackable.tech" \
@@ -107,22 +108,30 @@ ENV FLASK_APP="superset.app:create_app()" \
 ENV PATH="${HOME}/app/bin:${PATH}" \
     PYTHONPATH="${HOME}/app/pythonpath"
 
-RUN microdnf update \
-    && microdnf install \
-        cyrus-sasl \
-        openldap \
-        openldap-clients \
-        openssl-libs \
-        openssl-pkcs11 \
-        python${PYTHON} \
-    && microdnf clean all && \
-    rm -rf /var/cache/yum
+RUN <<EOF
+microdnf update
+microdnf install \
+  cyrus-sasl \
+  openldap \
+  openldap-clients \
+  openssl-libs \
+  openssl-pkcs11 \
+  python${PYTHON}
+
+microdnf clean all
+rm -rf /var/cache/yum
+
+# All files and folders owned by root to support running as arbitrary users
+# This is best practice as all container users will belong to the root group (0)
+chown -R ${STACKABLE_USER_UID}:0 /stackable
+chmod -R g=u /stackable
+EOF
 
 COPY superset/licenses /licenses
 
-COPY --from=builder --chown=stackable:stackable /stackable/ ${HOME}/
+COPY --from=builder --chown=${STACKABLE_USER_UID}:0 /stackable/ ${HOME}/
 
-USER stackable
+USER ${STACKABLE_USER_UID}
 WORKDIR ${HOME}
 
 CMD ["/bin/sh", "-c", \
