Fossil

Dockerfile-nojail.patch
Login

File containers/Dockerfile-nojail.patch from the latest check-in


Index: Dockerfile
==================================================================
--- Dockerfile
+++ Dockerfile
@@ -61,13 +61,13 @@
 ## ---------------------------------------------------------------------
 ## STAGE 2: Pare that back to the bare essentials.
 ## ---------------------------------------------------------------------
 
 FROM scratch
-WORKDIR /jail
+WORKDIR /
 ARG UID=499
-ENV PATH "/bin:/jail/bin"
+ENV PATH "/bin"
 
 ### Lay BusyBox down as the first base layer. Coupled with the host's
 ### kernel, this is the "OS."
 COPY --from=builder /tmp/bbx/busybox /bin/
 RUN [ "/bin/busybox", "--install", "/bin" ]
@@ -78,20 +78,17 @@
 RUN set -x                                                             \
     && echo 'root:x:0:0:SysAdmin:/:/bin/nologin' > /etc/passwd         \
     && echo 'root:x:0:root'                      > /etc/group          \
     && addgroup -S -g ${UID} fossil                                    \
     && adduser -S -h `pwd` -g 'Fossil User' -G fossil -u ${UID} fossil \
-    && install -d -m 700 -o fossil -g fossil log museum                \
-    && install -d -m 755 -o fossil -g fossil dev                       \
-    && mknod -m 666 dev/null    c 1 3                                  \
-    && mknod -m 444 dev/urandom c 1 9
+    && install -d -m 700 -o fossil -g fossil log museum
 
 ### Do Fossil-specific things atop those base layers; this will change
 ### as often as the Fossil build-from-source layer above.
 COPY --from=builder /tmp/fossil bin/
 RUN set -x                                                             \
-    && ln -s /jail/bin/fossil /bin/f                                   \
+    && ln -s /bin/fossil /bin/f                                   \
     && echo -e '#!/bin/sh\nfossil sha1sum "$@"' > /bin/sha1sum         \
     && echo -e '#!/bin/sh\nfossil sha3sum "$@"' > /bin/sha3sum         \
     && echo -e '#!/bin/sh\nfossil sqlite3 --no-repository "$@"' >      \
        /bin/sqlite3                                                    \
     && chmod +x /bin/sha?sum /bin/sqlite3
@@ -100,12 +97,12 @@
 ## ---------------------------------------------------------------------
 ## STAGE 3: Run!
 ## ---------------------------------------------------------------------
 
 EXPOSE 8080/tcp
+USER fossil
 CMD [ \
     "bin/fossil", "server", \
-    "--chroot", "/jail",    \
     "--create",             \
     "--jsmode", "bundled",  \
     "--user", "admin",      \
     "museum/repo.fossil"]