Run CCSDK dockers as non-root
Update CCSDK docker images to run as non-root user by default
Change-Id: Ia07c433a0e6f041d6684f24b765f4c1733b51162
Issue-ID: CCSDK-1099
Signed-off-by: Timoney, Dan (dt5972) <dtimoney@att.com>
diff --git a/odlsli/odlsli-alpine/src/main/docker/Dockerfile b/odlsli/odlsli-alpine/src/main/docker/Dockerfile
index b905467..2703a7d 100644
--- a/odlsli/odlsli-alpine/src/main/docker/Dockerfile
+++ b/odlsli/odlsli-alpine/src/main/docker/Dockerfile
@@ -26,7 +26,7 @@
RUN sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,${ODL_BOOT_FEATURES_EXTRA}|" $ODL_HOME/etc/org.apache.karaf.features.cfg
# Create odl user
-RUN adduser -S odl
+RUN addgroup -S odl && adduser -S odl -G odl
# Install ansible
#COPY ansible-sources.list /etc/apt/sources.list.d
@@ -46,9 +46,11 @@
# copy deliverables to opt
-COPY opt /opt
-COPY org.ops4j.pax.logging.cfg /opt/opendaylight/etc/org.ops4j.pax.logging.cfg
+COPY --chown=odl:odl opt /opt
+COPY --chown=odl:odl org.ops4j.pax.logging.cfg /opt/opendaylight/etc/org.ops4j.pax.logging.cfg
+RUN chown -R odl:odl /opt
+USER odl
ENTRYPOINT /opt/onap/ccsdk/bin/startODL.sh
EXPOSE 8181