mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-04-22 22:27:47 -04:00
Change UBI docker user to elasticsearch (#88262)
Closes #88218. Docker image scans have flagged up the `USER` that the UBI Docker image runs with. Switch to `elasticsearch:root`, which is what the Iron Bank image also uses, and is what we use for all images from 8.0 onwards.
This commit is contained in:
Rory Hunter
GitHub
parent
daa37125dd
commit
3f770e7caf
3 changed files with 19 additions and 2 deletions
|
|
@ -250,7 +250,7 @@ RUN mkdir /licenses && cp LICENSE.txt /licenses/LICENSE
|
|||
COPY LICENSE /licenses/LICENSE.addendum
|
||||
<% } %>
|
||||
|
||||
<% if (docker_base == 'iron_bank') { %>
|
||||
<% if (docker_base == 'ubi' || docker_base == 'iron_bank') { %>
|
||||
USER elasticsearch:root
|
||||
<% } %>
|
||||
|
||||
|
|
|
|||
6
docs/changelog/88262.yaml
Normal file
6
docs/changelog/88262.yaml
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
pr: 88262
|
||||
summary: Change UBI docker user to `elasticsearch`
|
||||
area: Packaging
|
||||
type: enhancement
|
||||
issues:
|
||||
- 88218
|
||||
|
|
@ -918,9 +918,20 @@ public class DockerTests extends PackagingTestCase {
|
|||
|
||||
final String[] fields = processes.get(0).trim().split("\\s+", 4);
|
||||
|
||||
String expectedUid;
|
||||
switch (distribution.packaging) {
|
||||
case DOCKER_IRON_BANK:
|
||||
case DOCKER_UBI:
|
||||
expectedUid = "1000";
|
||||
break;
|
||||
default:
|
||||
expectedUid = "0";
|
||||
break;
|
||||
}
|
||||
|
||||
assertThat(fields, arrayWithSize(4));
|
||||
assertThat("Incorrect PID", fields[0], equalTo("1"));
|
||||
assertThat("Incorrect UID", fields[1], equalTo(distribution.packaging == Packaging.DOCKER_IRON_BANK ? "1000" : "0"));
|
||||
assertThat("Incorrect UID", fields[1], equalTo(expectedUid));
|
||||
assertThat("Incorrect GID", fields[2], equalTo("0"));
|
||||
assertThat("Incorrect init command", fields[3], startsWith("/bin/tini"));
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue