From 12975685083dca71a527855184bc00c71a3a2cf0 Mon Sep 17 00:00:00 2001
From: Andrey Arapov
Date: Mon, 5 Mar 2018 11:55:17 +0100
Subject: [PATCH] drop grsec support and make sure hipchat writes its configs
---
 Dockerfile | 19 ++++++-------------
 launch | 6 ------
 2 files changed, 6 insertions(+), 19 deletions(-)
 delete mode 100755 launch
diff --git a/Dockerfile b/Dockerfile
index c17aa2d..ffc56dd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,27 +4,20 @@ MAINTAINER Andrey Arapov
 # To avoid problems with Dialog and curses wizards
 ENV DEBIAN_FRONTEND noninteractive
 
+ADD https://atlassian.artifactoryonline.com/atlassian/api/gpg/key/public /tmp/public
+
 RUN apt-get update && \
- apt-get -y --no-install-recommends install ca-certificates apt-transport-https wget attr && \
- wget -O - https://atlassian.artifactoryonline.com/atlassian/api/gpg/key/public | apt-key add - && \
+ apt-get -y --no-install-recommends install ca-certificates apt-transport-https && \
+ cat /tmp/public | apt-key add - && \
 echo "deb https://atlassian.artifactoryonline.com/atlassian/hipchat-apt-client xenial main" > /etc/apt/sources.list.d/atlassian-hipchat4.list && \
 apt-get update && \
 apt-get -y --no-install-recommends install hipchat4 libqt5gui5 && \
 apt-get -fy --no-install-recommends install && \
 rm -rf -- /var/lib/apt/lists/*
 
-# Make HipChat grsec friendly
-#
-# To build the Docker image, I currently had to disable the following grsec protections:
-# # grep -E "chroot_deny_chmod|chroot_deny_mknod|chroot_caps" /etc/sysctl.d/grsec.conf
-# kernel.grsecurity.chroot_deny_chmod = 0
-# kernel.grsecurity.chroot_deny_mknod = 0
-# kernel.grsecurity.chroot_caps = 0 (relates to a systemd package)
-
 RUN useradd -u 1000 -m -d /home/user -s /usr/sbin/nologin -g video user
 
-COPY launch /launch
-
 WORKDIR /home/user
 VOLUME [ "/tmp" ]
-ENTRYPOINT [ "sh", "/launch" ]
+USER user
+ENTRYPOINT [ "/usr/local/bin/hipchat4" ]
diff --git a/launch b/launch
deleted file mode 100755
index ae80145..0000000
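Review bot: The repository signing key fetched by the new `ADD https://atlassian.artifactoryonline.com/atlassian/api/gpg/key/public /tmp/public` line is passed to `apt-key add` without being compared against a pinned value, so the only thing vouching for it is TLS to the same host that serves the packages. A pinned digest check ahead of the `cat /tmp/public | apt-key add -` line would close that gap, e.g. `echo "<PINNED_SHA256_OF_KEY>  /tmp/public" | sha256sum -c - && \`, with the digest taken from a copy of the key whose fingerprint was confirmed out of band. The downloaded file also stays in the image under /tmp, which is declared a VOLUME later in the same hunk; adding `rm -f /tmp/public && \` to the RUN chain after the key import would keep it out of the final filesystem, although the ADD layer itself still contains it. Switching to `USER user` with a direct ENTRYPOINT in place of the root-run `su` wrapper is a sound reduction in privilege and needs no change.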
--- a/launch
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env sh
-
-# Make HipChat grsec friendly
-setfattr -n user.pax.flags -v m /opt/HipChat4/lib/HipChat.bin /opt/HipChat4/lib/QtWebEngineProcess.bin
-
-su -p -s /bin/sh -c /usr/local/bin/hipchat4 user