Unverified Commit 069df69d authored by reimda's avatar reimda Committed by GitHub

Switch to su to run telegraf as non-root (#544)

parent 792a79de
......@@ -30,8 +30,6 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" && \
EXPOSE 8125/udp 8092/udp 8094
USER telegraf
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["telegraf"]
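Review bot: With `USER telegraf` gone (the removed line, judging by the hunk counts and the commit title), the image's default user becomes root, and nothing in this hunk records that the privilege drop now lives only in `entrypoint.sh`. Anything that bypasses the entrypoint, such as an overridden `--entrypoint` or a `docker exec` session, will run as root, and orchestrators that check the image user for a non-root policy will need an explicit run-as user. A comment above the `ENTRYPOINT` line would make the contract visible, e.g. `# Starts as root; entrypoint.sh drops to the telegraf user before exec`. The same applies to the other Dockerfile hunks on this page that drop `USER telegraf`.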
FROM alpine:3.14
RUN echo 'hosts: files dns' >> /etc/nsswitch.conf
RUN apk add --no-cache iputils ca-certificates net-snmp-tools procps lm_sensors tzdata && \
RUN apk add --no-cache iputils ca-certificates net-snmp-tools procps lm_sensors tzdata su-exec && \
update-ca-certificates
ENV TELEGRAF_VERSION 1.18.3
......@@ -32,8 +32,6 @@ RUN set -ex && \
EXPOSE 8125/udp 8092/udp 8094
USER telegraf
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["telegraf"]
......@@ -5,4 +5,8 @@ if [ "${1:0:1}" = '-' ]; then
set -- telegraf "$@"
fi
exec "$@"
if [ $EUID -ne 0 ]; then
exec "$@"
else
exec su-exec telegraf "$@"
fi
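Review bot: The `[ $EUID -ne 0 ]` test depends on `EUID`, which bash sets but POSIX sh does not define; the script's shebang is outside this hunk, so which shell runs it in the Alpine image cannot be confirmed from here. If `EUID` is empty, the unquoted test is malformed and evaluates false, so control falls into the `else` branch and a container started with a non-root `--user` would attempt `su-exec` without the privileges it needs. `if [ "$(id -u)" -ne 0 ]; then` gives the same check without relying on the shell. The same line appears in every other entrypoint hunk on this page, including the `setpriv` variants.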
......@@ -5,4 +5,8 @@ if [ "${1:0:1}" = '-' ]; then
set -- telegraf "$@"
fi
exec "$@"
if [ $EUID -ne 0 ]; then
exec "$@"
else
exec setpriv --reuid telegraf --init-groups "$@"
fi
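Review bot: The `setpriv --reuid telegraf --init-groups` call changes the uid and the supplementary groups but passes no `--regid`, so as far as setpriv's documented behaviour goes the process keeps the primary gid it started with, which is root's here. Telegraf would then still create files with group root and be able to read group-root-readable paths, which is more than the `su-exec telegraf` variant leaves it with. Consider `exec setpriv --reuid telegraf --regid telegraf --init-groups "$@"`, assuming the image creates a `telegraf` group (not visible in this hunk). The same line recurs in the other `setpriv` entrypoint hunks on this page.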
......@@ -30,8 +30,6 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" && \
EXPOSE 8125/udp 8092/udp 8094
USER telegraf
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["telegraf"]
FROM alpine:3.14
RUN echo 'hosts: files dns' >> /etc/nsswitch.conf
RUN apk add --no-cache iputils ca-certificates net-snmp-tools procps lm_sensors tzdata && \
RUN apk add --no-cache iputils ca-certificates net-snmp-tools procps lm_sensors tzdata su-exec && \
update-ca-certificates
ENV TELEGRAF_VERSION 1.19.3
......@@ -32,8 +32,6 @@ RUN set -ex && \
EXPOSE 8125/udp 8092/udp 8094
USER telegraf
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["telegraf"]
......@@ -5,4 +5,8 @@ if [ "${1:0:1}" = '-' ]; then
set -- telegraf "$@"
fi
exec "$@"
if [ $EUID -ne 0 ]; then
exec "$@"
else
exec su-exec telegraf "$@"
fi
......@@ -5,4 +5,8 @@ if [ "${1:0:1}" = '-' ]; then
set -- telegraf "$@"
fi
exec "$@"
if [ $EUID -ne 0 ]; then
exec "$@"
else
exec setpriv --reuid telegraf --init-groups "$@"
fi
......@@ -30,8 +30,6 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" && \
EXPOSE 8125/udp 8092/udp 8094
USER telegraf
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["telegraf"]
FROM alpine:3.14
RUN echo 'hosts: files dns' >> /etc/nsswitch.conf
RUN apk add --no-cache iputils ca-certificates net-snmp-tools procps lm_sensors tzdata && \
RUN apk add --no-cache iputils ca-certificates net-snmp-tools procps lm_sensors tzdata su-exec && \
update-ca-certificates
ENV TELEGRAF_VERSION 1.20.3
......@@ -32,8 +32,6 @@ RUN set -ex && \
EXPOSE 8125/udp 8092/udp 8094
USER telegraf
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["telegraf"]
......@@ -5,4 +5,8 @@ if [ "${1:0:1}" = '-' ]; then
set -- telegraf "$@"
fi
exec "$@"
if [ $EUID -ne 0 ]; then
exec "$@"
else
exec su-exec telegraf "$@"
fi
......@@ -5,4 +5,8 @@ if [ "${1:0:1}" = '-' ]; then
set -- telegraf "$@"
fi
exec "$@"
if [ $EUID -ne 0 ]; then
exec "$@"
else
exec setpriv --reuid telegraf --init-groups "$@"
fi