From b558d96ed52775058d28050105549865ef74ee3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Ciania?= <mciania@gmail.com>
Date: Thu, 16 Sep 2021 09:54:15 +0200
Subject: [PATCH] Run Docker container as unprivileged user

---
 dockerfile        | 1 +
 dockerfile-alpine | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/dockerfile b/dockerfile
index a10006369..2ff9c4f7c 100644
--- a/dockerfile
+++ b/dockerfile
@@ -28,6 +28,7 @@ RUN apt update && \
 # Copy app files from build layer
 COPY --from=build /app /app
 
+USER node
 EXPOSE 3001
 VOLUME ["/app/data"]
 HEALTHCHECK --interval=60s --timeout=30s --start-period=180s --retries=5 CMD node extra/healthcheck.js
diff --git a/dockerfile-alpine b/dockerfile-alpine
index a9e85c37d..abdaaa3d5 100644
--- a/dockerfile-alpine
+++ b/dockerfile-alpine
@@ -17,13 +17,14 @@ FROM node:14-alpine3.12 AS release
 WORKDIR /app
 
 # Install apprise
-RUN apk add --no-cache python3 py3-cryptography py3-pip py3-six py3-yaml py3-click py3-markdown py3-requests py3-requests-oauthlib && \
+RUN apk add --no-cache iputils python3 py3-cryptography py3-pip py3-six py3-yaml py3-click py3-markdown py3-requests py3-requests-oauthlib && \
             pip3 --no-cache-dir install apprise && \
             rm -rf /root/.cache
 
 # Copy app files from build layer
 COPY --from=build /app /app
 
+USER node
 EXPOSE 3001
 VOLUME ["/app/data"]
 HEALTHCHECK --interval=60s --timeout=30s --start-period=180s --retries=5 CMD node extra/healthcheck.js