From 46a291e32030cab953c1d81ca917f4b6fdbd6963 Mon Sep 17 00:00:00 2001
From: Phil Winder
Date: Tue, 8 Nov 2016 11:19:57 +0000
Subject: [PATCH] Added user to dockerfile. Set caps on java binary to allow binding to
---
 docker/shipping/Dockerfile | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/docker/shipping/Dockerfile b/docker/shipping/Dockerfile
index 8ee4fff..250d2de 100644
--- a/docker/shipping/Dockerfile
+++ b/docker/shipping/Dockerfile
@@ -1,8 +1,25 @@
 FROM java:openjdk-8-alpine
+ENV SERVICE_USER=myuser \
+ SERVICE_UID=10001 \
+ SERVICE_GROUP=mygroup \
+ SERVICE_GID=10001
+
+RUN addgroup -g ${SERVICE_GID} ${SERVICE_GROUP} && \
+ adduser -g "${SERVICE_NAME} user" -D -H -G ${SERVICE_GROUP} -s /sbin/nologin -u ${SERVICE_UID} ${SERVICE_USER} && \
+ apk add --update libcap && \
+ mkdir /lib64 && \
+ ln -s /usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/server/libjvm.so /lib/libjvm.so && \
+ ln -s /usr/lib/jvm/java-1.8-openjdk/lib/amd64/jli/libjli.so /lib/libjli.so && \
+ setcap 'cap_net_bind_service=+ep' $(readlink -f $(which java))
+
 WORKDIR /usr/src/app
 COPY *.jar ./app.jar
+RUN chown -R ${SERVICE_USER}:${SERVICE_GROUP} ./app.jar
+
+USER ${SERVICE_USER}
+
 ARG BUILD_DATE
 ARG BUILD_VERSION
 ARG COMMIT
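Review bot: `${SERVICE_NAME}` in `adduser -g "${SERVICE_NAME} user"` is not among the variables the new `ENV` block sets, so unless the base image exports it the comment field ends up as just ` user`; add `SERVICE_NAME` to the `ENV` list or use `${SERVICE_USER}` there. The `setcap 'cap_net_bind_service=+ep'` line puts the capability on the JVM launcher itself, so any java process started in the image can bind low ports, and because the effective bit is set the launcher may fail to exec when the container runs with that capability dropped; a comment above the `RUN` should say so. The two `ln -s` lines are presumably a workaround for the restricted library search a capability-bearing binary gets, which also deserves a one-line comment, and `mkdir /lib64` has no visible use in this hunk. `RUN chown -R ${SERVICE_USER}:${SERVICE_GROUP} ./app.jar` makes the jar writable by the account that executes it; leaving it root-owned and readable is the tighter choice, and `USER ${SERVICE_UID}` lets a runtime that enforces non-root verify the numeric id. `apk add --no-cache libcap` would also keep the package index out of the layer.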