From be01bc1d270d1d0f1bed0c22a52803ac829da6ad Mon Sep 17 00:00:00 2001
From: Will Norris <will@willnorris.com>
Date: Fri, 22 Mar 2019 07:07:32 +0000
Subject: [PATCH] docker: run imageproxy as non-privileged user

---
 Dockerfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 66aafbb..5f832f0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,8 @@
 FROM golang:1.9 as build
 MAINTAINER Will Norris <will@willnorris.com>
 
+RUN useradd -u 1001 go
+
 WORKDIR /go/src/willnorris.com/go/imageproxy
 ADD . .
 
@@ -12,10 +14,13 @@ FROM scratch
 
 WORKDIR /go/bin
 
+COPY --from=build /etc/passwd /etc/passwd
 COPY --from=build /usr/share/zoneinfo /usr/share/zoneinfo
 COPY --from=build /etc/ssl/certs /etc/ssl/certs
 COPY --from=build /go/bin/imageproxy .
 
+USER go
+
 CMD ["-addr", "0.0.0.0:8080"]
 ENTRYPOINT ["/go/bin/imageproxy"]