Drop privs when running admin too

main
Florent Daigniere 2 years ago
parent 42cd5bf2dc
commit 699be6f9fa

@ -9,23 +9,23 @@ LABEL version=$VERSION
RUN set -euxo pipefail \ RUN set -euxo pipefail \
; apk add --no-cache libressl mariadb-connector-c postgresql-libs ; apk add --no-cache libressl mariadb-connector-c postgresql-libs
COPY --from=assets /work/static/ ./mailu/static/ EXPOSE 80/tcp
HEALTHCHECK CMD curl -skfLo /dev/null http://localhost/sso/login
VOLUME ["/data","/dkim"]
ENV FLASK_APP=mailu
COPY --from=assets /work/static/ ./mailu/static/
COPY audit.py / COPY audit.py /
COPY start.py / COPY start.py /
COPY migrations/ ./migrations/ COPY migrations/ ./migrations/
COPY mailu/ ./mailu/ COPY mailu/ ./mailu/
RUN set -euxo pipefail \ RUN set -euxo pipefail \
; venv/bin/pybabel compile -d mailu/translations ; venv/bin/pybabel compile -d mailu/translations
RUN echo $VERSION >/version RUN echo $VERSION >/version
EXPOSE 80/tcp
HEALTHCHECK CMD curl -skfLo /dev/null http://localhost/sso/login?next=ui.index
VOLUME ["/data","/dkim"]
ENV FLASK_APP=mailu
CMD /start.py CMD /start.py

@ -2,8 +2,14 @@
import os import os
import logging as log import logging as log
from pwd import getpwnam
import sys import sys
os.system("chown mailu:mailu -R /data /dkim")
mailu_id = getpwnam('mailu')
os.setgid(mailu_id.pw_gid)
os.setuid(mailu_id.pw_uid)
log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "INFO")) log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "INFO"))
os.system("flask mailu advertise") os.system("flask mailu advertise")

Loading…
Cancel
Save