144b701453
Re-using an inherited file descriptor to /dev/urandom frees us from problems with mount options including 'nodev' and removes a capability from the set we need. Change-Id: I70337e923f802d7efbd3159c11a4e39f6529b6e6 Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
40 lines
1.5 KiB
Text
40 lines
1.5 KiB
Text
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
FROM opensuse/leap
|
|
|
|
# refresh repos otherwise installations later may fail
|
|
# install LibreOffice run-time dependencies
|
|
# install timezone data to accept the TZ environment variable
|
|
# install an editor
|
|
# tdf#117557 - Add CJK Fonts to Collabora Online Docker Image
|
|
RUN zypper ref && \
|
|
zypper --non-interactive install libcap-progs libpng16-16 fontconfig nano openssh inotify-tools timezone
|
|
|
|
# copy freshly built LOKit and Collabora Online
|
|
COPY /instdir /
|
|
|
|
# copy the shell script which can start Collabora Online (coolwsd)
|
|
COPY /start-collabora-online.sh /
|
|
|
|
# set up Collabora Online (normally done by postinstall script of package)
|
|
# Fix permissions
|
|
RUN setcap cap_fowner,cap_chown,cap_sys_chroot=ep /usr/bin/coolforkit && \
|
|
setcap cap_sys_admin=ep /usr/bin/coolmount && \
|
|
groupadd -r cool && \
|
|
useradd -g cool -r cool -d /opt/cool -s /bin/bash && \
|
|
rm -rf /opt/cool && \
|
|
mkdir -p /opt/cool/child-roots && \
|
|
coolwsd-systemplate-setup /opt/cool/systemplate /opt/lokit >/dev/null 2>&1 && \
|
|
touch /var/log/coolwsd.log && \
|
|
chown cool:cool /var/log/coolwsd.log && \
|
|
chown -R cool:cool /opt/ && \
|
|
chown -R cool:cool /etc/coolwsd
|
|
|
|
EXPOSE 9980
|
|
|
|
# switch to cool user (use numeric user id to be compatible with Kubernetes Pod Security Policies)
|
|
USER 498
|
|
|
|
CMD ["/start-collabora-online.sh"]
|