69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
-
-
-
-
+
+
+
+
|
COPY --from=builder /etc/os-release /etc/
RUN [ "/bin/busybox", "--install", "/bin" ]
### Set up that base OS for our specific use without tying it to
### anything likely to change often. So long as the user leaves
### UID alone, this layer will be durable.
RUN set -x \
&& echo 'root:x:0:0:SysAdmin:/:/bin/nologin' > /etc/passwd \
&& echo 'root:x:0:root' > /etc/group \
&& addgroup -S -g ${UID} fossil \
&& adduser -S -h `pwd` -g 'Fossil User' -G fossil -u ${UID} fossil \
&& echo "root:x:0:0:Admin:/:/false" > /etc/passwd \
&& echo "root:x:0:root" > /etc/group \
&& echo "fossil:x:${UID}:${UID}:User:/jail:/false" >> /etc/passwd \
&& echo "fossil:x:${UID}:fossil" >> /etc/group \
&& install -d -m 700 -o fossil -g fossil log museum \
&& install -d -m 755 -o fossil -g fossil dev \
&& install -d -m 755 -o root -g root /usr/bin \
&& install -d -m 400 -o root -g root /run \
&& install -d -m 1777 -o root -g root /tmp \
&& mknod -m 666 dev/null c 1 3 \
&& mknod -m 444 dev/urandom c 1 9
|