From c70e818721fcc1213c5e594036690d259d262fd3 Mon Sep 17 00:00:00 2001
From: Andrey Arapov
Date: Sat, 24 Jun 2017 16:11:27 +0200
Subject: [PATCH] updates

---
 Dockerfile | 33 ++++++---------------------------
 docker-compose.yml | 1 +
 2 files changed, 7 insertions(+), 27 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 108dd5c..13f6ac7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,36 +1,15 @@
-FROM ubuntu:zesty
+FROM debian:stretch
 MAINTAINER Andrey Arapov
 # To avoid problems with Dialog and curses wizards
-ENV DEBIAN_FRONTEND noninteractive
+ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update
-RUN apt-get -y --no-install-recommends install keepass2 xdotool paxctl \
+RUN apt-get -y --no-install-recommends install keepass2 xdotool \
 && rm -rf /var/lib/apt/lists
-# make KeePass2 grsec friendly
-#
-# To build the Docker image, I currently had to disable the following grsec protections:
-# # grep -E "chroot_deny_chmod|chroot_deny_mknod|chroot_caps" /etc/sysctl.d/grsec.conf
-# kernel.grsecurity.chroot_deny_chmod = 0
-# kernel.grsecurity.chroot_deny_mknod = 0
-# kernel.grsecurity.chroot_caps = 0 (relates to a systemd package)
-#
-# m: Disable MPROTECT // grsec: denied RWX mmap of
-# (runtime only, since xattrs are not preserved in Docker's final image)
-# RUN setfattr -n user.pax.flags -v "m" /usr/bin/mono-sgen
-#
-# (permanent change, by converting the binary headers PT_GNU_STACK into PT_PAX_FLAGS)
-# m: Disable MPROTECT // grsec: denied RWX mmap of
-RUN paxctl -c -v -m /usr/bin/mono-sgen
-
-
-ENV USER user
-ENV UID 1000
-ENV HOME /home/$USER
-RUN useradd -u $UID -m -d $HOME -s /usr/sbin/nologin $USER
-
-WORKDIR $HOME
-USER $USER
+RUN useradd -u 1000 -m -d /home/user -s /usr/sbin/nologin user
+WORKDIR /home/user
+USER user
 ENTRYPOINT keepass2
diff --git a/docker-compose.yml b/docker-compose.yml
index 8034e75..01ef3ea 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
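Review bot: The rewritten install line still runs in its own layer after the separate `RUN apt-get update`, so a cached `update` layer can be reused against a re-run `install` and resolve `keepass2` and `xdotool` from a stale package index; fold the update into the same instruction: `RUN apt-get update && apt-get install -y --no-install-recommends keepass2 xdotool && rm -rf /var/lib/apt/lists/*` (the trailing `/*` clears the lists while keeping the directory, where the current bare `rm -rf /var/lib/apt/lists` deletes the directory itself). Neither package is version-pinned, so rebuilds from the same Dockerfile are not reproducible; pinning as `keepass2=<version>` and `xdotool=<version>` is the usual fix once the stretch versions are known. The changed `ENV DEBIAN_FRONTEND=noninteractive` is only needed while `apt-get` runs but persists into the running container's environment; writing it inline as `RUN DEBIAN_FRONTEND=noninteractive apt-get …` keeps it out of the runtime env. Unchanged context, but relevant to the non-root switch this commit keeps: `ENTRYPOINT keepass2` is shell form, so keepass2 is not PID 1 and does not receive SIGTERM on `docker stop`; `ENTRYPOINT ["keepass2"]` lets it shut down cleanly.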
@@ -3,6 +3,7 @@ version: '2'
 services:
 keepass2:
 image: local/keepass2
+ build: .
 network_mode: bridge
 volumes:
 - /tmp/.X11-unix:/tmp/.X11-unix