144b701453
Re-using an inherited file descriptor to /dev/urandom frees us from problems with mount options including 'nodev' and removes a capability from the set we need. Change-Id: I70337e923f802d7efbd3159c11a4e39f6529b6e6 Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
41 lines
No EOL
1.4 KiB
Text
41 lines
No EOL
1.4 KiB
Text
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
FROM archlinux
|
|
|
|
RUN pacman -Syu --noconfirm && \
|
|
pacman -S --noconfirm libpng fontconfig cpio \
|
|
nano \
|
|
openssh inotify-tools \
|
|
libxcb libxrender libxext \
|
|
wqy-zenhei wqy-microhei ttf-droid \
|
|
noto-fonts-cjk perl
|
|
|
|
# copy freshly built LOKit and Collabora Online
|
|
COPY /instdir /
|
|
|
|
# copy the shell script which can start Collabora Online (coolwsd)
|
|
COPY /start-collabora-online.sh /
|
|
|
|
# set up Collabora Online (normally done by postinstall script of package)
|
|
# Fix permissions
|
|
RUN setcap cap_fowner,cap_chown,cap_sys_chroot=ep /usr/bin/coolforkit && \
|
|
setcap cap_sys_admin=ep /usr/bin/coolmount && \
|
|
useradd --system --user-group --create-home --home-dir /opt/cool cool && \
|
|
rm -rf /opt/cool && \
|
|
mkdir -p /opt/cool/child-roots && \
|
|
coolwsd-systemplate-setup /opt/cool/systemplate /opt/lokit >/dev/null 2>&1 && \
|
|
touch /var/log/coolwsd.log && \
|
|
chown cool:cool /var/log/coolwsd.log && \
|
|
chown -R cool:cool /opt/ && \
|
|
chown -R cool:cool /etc/coolwsd
|
|
|
|
EXPOSE 9980
|
|
|
|
RUN usermod -u 972 cool
|
|
|
|
# switch to cool user (use numeric user id to be compatible with Kubernetes Pod Security Policies)
|
|
USER 972
|
|
|
|
CMD ["/start-collabora-online.sh"] |