blueos-ping-viewer-next: Dockerfile: Fix to limit permissions for serial devices

Author: RaulTrombin

blueos-ping-viewer-next/Dockerfile

@@ -4,18 +4,23 @@ RUN apk add --no-cache bash
 COPY ./blueos-ping-viewer-next/files/ping-viewer-next.* /
 COPY ./blueos-ping-viewer-next/files/entrypoint.sh /
 
+RUN mkdir -p /app
 RUN chmod +x /entrypoint.sh && \
     if [ "$(uname -m)" = "aarch64" ]; then \
-        cp /ping-viewer-next.aarch64 /ping-viewer-next; \
+        cp /ping-viewer-next.aarch64 /app/ping-viewer-next; \
     elif [ "$(uname -m)" = "x86_64" ]; then \
-        cp /ping-viewer-next.x86_64 /ping-viewer-next; \
+        cp /ping-viewer-next.x86_64 /app/ping-viewer-next; \
     else \
-        cp /ping-viewer-next.armv7 /ping-viewer-next; \
+        cp /ping-viewer-next.armv7 /app/ping-viewer-next; \
     fi && \
-    chmod +x /ping-viewer-next && \
+    chmod +x  /app/ping-viewer-next && \
     rm /ping-viewer-next.*
 LABEL version="0.0.0"
 
+RUN addgroup -g 1000 pingviewer && adduser -G pingviewer -u 1000 pingviewer -D
+RUN chown pingviewer:pingviewer /app
+USER 1000:1000
+
 # Add docker configuration
 LABEL permissions='{\
   "ExposedPorts": {\

blueos-ping-viewer-next/files/entrypoint.sh

@@ -1,4 +1,5 @@
 #!/bin/bash
 set -m
 echo "Starting ping viewer next..."
+cd /app
 ./ping-viewer-next --enable-auto-create --rest-server 0.0.0.0:6060