Revert "Drop root for Horizon service"

This reverts commit f9ccb1c8829cef551b875c7c387530e7980414a7.

There are many issues with this patch that prevents it from working
under numerous circumstances. The implementation is entirely busted
on Ubuntu. Additionally, best practice for apache is to run as root.
Apache itself does the privlege dropping.

Change-Id: I4395debb7d32223fb3752a6d3e7c4d7672d29916
This commit is contained in:
Sam Yaple 2015-11-13 08:53:49 +00:00
parent 52bd56e686
commit 6ec1fabf65

@ -56,25 +56,7 @@ RUN ln -s horizon-source/* horizon \
{% endif %}
# Set NET_BIND_SERVICE capability to httpd/apache2 so that it may run on
# ports lower than 1024.
# Set pidfile and log directory to be writeable by # the horizon user.
{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
RUN setcap 'cap_net_bind_service=ep' /usr/sbin/httpd \
&& chown horizon: /run/httpd /etc/httpd/logs
{% elif base_distro in ['ubuntu'] %}
RUN setcap 'cap_net_bind_service=ep' /usr/sbin/apache2 \
&& chown -R horizon: /var/run/apache2 /var/log/apache2
{% endif %}
COPY extend_start.sh /usr/local/bin/kolla_extend_start
RUN chmod 755 /usr/local/bin/kolla_extend_start \
&& usermod -a -G kolla horizon
RUN chmod 755 /usr/local/bin/kolla_extend_start
{{ include_footer }}
USER horizon