Py-KMS-Organization/py-kms
1
0
Fork 0
mirror of https://github.com/Py-KMS-Organization/py-kms.git synced 2026-04-21 06:03:43 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fixed hardening to allow already dropped users to access the app-dir, fixes #139

Browse source 
Signed-off-by: simonmicro <simon@simonmicro.de>
This commit is contained in:
simonmicro 2026-04-11 16:26:55 +02:00
parent e99762fe7a
commit 7490ba92a4
No known key found for this signature in database
GPG key ID: 033A4D4CE4E063D6
2 changed files with 8 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

9
docker/docker-py3-kms-minimal/Dockerfile
View file

@ -36,11 +36,10 @@ COPY docker/start.py /usr/bin/start.py
RUN chmod 555 /usr/bin/entrypoint.py /usr/bin/healthcheck.py /usr/bin/start.py
# Additional permission hardening: All files read-only for the executing user
RUN chown root: -R /home/py-kms && \
chmod 444 -R /home/py-kms && \
chown py-kms: /home/py-kms && \
chmod 700 /home/py-kms && \
find /home/py-kms -type d -print -exec chmod +x {} ';'
RUN find /home/py-kms -type f -print -exec chmod 444 {} ';' && \
find /home/py-kms -type d -print -exec chmod 555 {} ';' && \
chown root: -R /home/py-kms && \
chown py-kms: /home/py-kms
WORKDIR /home/py-kms

9
docker/docker-py3-kms/Dockerfile
View file

@ -42,11 +42,10 @@ COPY docker/start.py /usr/bin/start.py
RUN chmod 555 /usr/bin/entrypoint.py /usr/bin/healthcheck.py /usr/bin/start.py
# Additional permission hardening: All files read-only for the executing user
RUN chown root: -R /home/py-kms && \
chmod 444 -R /home/py-kms && \
chown py-kms: /home/py-kms && \
chmod 700 /home/py-kms && \
find /home/py-kms -type d -print -exec chmod +x {} ';'
RUN find /home/py-kms -type f -print -exec chmod 444 {} ';' && \
find /home/py-kms -type d -print -exec chmod 555 {} ';' && \
chown root: -R /home/py-kms && \
chown py-kms: /home/py-kms
# Web-interface specifics
COPY LICENSE /LICENSE