Spaces:
Sleeping
Sleeping
John Graham Reynolds
commited on
Commit
·
d9ea188
1
Parent(s):
09769f9
run an as user, not root
Browse files- Dockerfile +9 -0
Dockerfile
CHANGED
|
@@ -8,6 +8,9 @@ RUN apt-get update && apt-get install -y \
|
|
| 8 |
git \
|
| 9 |
&& rm -rf /var/lib/apt/lists/*
|
| 10 |
|
|
|
|
|
|
|
|
|
|
| 11 |
COPY requirements.txt ./
|
| 12 |
COPY src/ ./src/
|
| 13 |
COPY faiss_index/ ./faiss_index/
|
|
@@ -17,6 +20,12 @@ COPY .streamlit/ ./.streamlit/
|
|
| 17 |
|
| 18 |
RUN pip3 install -r requirements.txt
|
| 19 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 20 |
EXPOSE 8501
|
| 21 |
|
| 22 |
HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health
|
|
|
|
| 8 |
git \
|
| 9 |
&& rm -rf /var/lib/apt/lists/*
|
| 10 |
|
| 11 |
+
# Create a non-root user
|
| 12 |
+
RUN useradd --create-home --shell /bin/bash appuser
|
| 13 |
+
|
| 14 |
COPY requirements.txt ./
|
| 15 |
COPY src/ ./src/
|
| 16 |
COPY faiss_index/ ./faiss_index/
|
|
|
|
| 20 |
|
| 21 |
RUN pip3 install -r requirements.txt
|
| 22 |
|
| 23 |
+
# Change ownership of the app directory to the appuser
|
| 24 |
+
RUN chown -R appuser:appuser /app
|
| 25 |
+
|
| 26 |
+
# Switch to the non-root user
|
| 27 |
+
USER appuser
|
| 28 |
+
|
| 29 |
EXPOSE 8501
|
| 30 |
|
| 31 |
HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health
|