Reduce OneDocker runtime permissions (#2311)

Summary: Pull Request resolved: #2311 This change updates OneDocker image runtime to use a non-root user, with limited permissions. This is necessary for security isolation. Reviewed By: musebc Differential Revision: D46566033 fbshipit-source-id: 653b9b6a46f3b2070a647abd6d161a904fb60610
facebookresearch · Jun 8, 2023 · 685371b · 685371b
1 parent 7d751ca
commit 685371b
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/docker/onedocker/prod/Dockerfile.ubuntu b/docker/onedocker/prod/Dockerfile.ubuntu
@@ -63,4 +63,7 @@ ENV WRITE_ROUTING_SCRIPT="/home/onedocker/package/write_routing.sh"
 RUN echo "%${caAdminGroup} ALL=(ALL) NOPASSWD: ${WRITE_ROUTING_SCRIPT}" >> /etc/sudoers
 
 CMD ["/bin/bash"]
+
+# Switch to non-root user for security purposes
+USER onedocker
 WORKDIR /home/onedocker