mirror of
https://github.com/Py-KMS-Organization/py-kms.git
synced 2026-04-19 21:23:42 +00:00
Added more permission hardening
Signed-off-by: simonmicro <simon@simonmicro.de>
parent
a7db498206
commit
94419c1a2f
3 changed files with 27 additions and 7 deletions
|
|
@ -41,6 +41,13 @@ COPY docker/healthcheck.py /usr/bin/healthcheck.py
|
|||
COPY docker/start.py /usr/bin/start.py
|
||||
RUN chmod 555 /usr/bin/entrypoint.py /usr/bin/healthcheck.py /usr/bin/start.py
|
||||
|
||||
# Additional permission hardening: All files read-only for the executing user
|
||||
RUN chown root: -R /home/py-kms && \
|
||||
chmod 444 -R /home/py-kms && \
|
||||
chown py-kms: /home/py-kms && \
|
||||
chmod 700 /home/py-kms && \
|
||||
find /home/py-kms -type d -print -exec chmod +x {} ';'
|
||||
|
||||
# Web-interface specifics
|
||||
COPY LICENSE /LICENSE
|
||||
RUN echo "$BUILD_COMMIT" > /VERSION && echo "$BUILD_BRANCH" >> /VERSION
|
||||
|
|
|
|||
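Review bot: The closing `find /home/py-kms -type d ... chmod +x` also matches /home/py-kms itself, so the `chmod 700` set one step earlier presumably ends up as 711 (assuming the usual build umask of 022). Running the directory pass first and the top-level pair last keeps the intended mode: `find /home/py-kms -type d -exec chmod 555 {} +` followed by `chown py-kms: /home/py-kms && chmod 700 /home/py-kms`. Separately, the comment "All files read-only for the executing user" overstates the result: py-kms owns the top-level directory and can write to it, so it can still unlink or replace root-owned files that sit directly in it. If that write access is needed at runtime, the comment should say so, e.g. `# /home/py-kms itself stays writable by py-kms; only its contents are root-owned and read-only`. Otherwise use `chmod 500` on the directory.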