diff --git a/Dockerfile b/Dockerfile index 9171e15..4c48c20 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,9 +5,19 @@ MAINTAINER Andrey Arapov ENV DEBIAN_FRONTEND noninteractive RUN apt-get update -RUN apt-get install -yq keepass2 xdotool \ +RUN apt-get install -yq keepass2 xdotool paxctl \ && rm -rf /var/lib/apt/lists +# make KeePass2 grsec friendly +# m: Disable MPROTECT // grsec: denied RWX mmap of +# (runtime only, since xattrs are not preserved in Docker's final image) +# RUN setfattr -n user.pax.flags -v "m" /usr/bin/mono-sgen +# +# (permanent change, by converting the binary headers PT_GNU_STACK into PT_PAX_FLAGS) +# m: Disable MPROTECT // grsec: denied RWX mmap of +RUN paxctl -c -v -m /usr/bin/mono-sgen + + ENV USER user ENV UID 1000 ENV HOME /home/$USER