Revert "Drop root for Horizon service"

This reverts commit f9ccb1c882. There are many issues with this patch that prevents it from working under numerous circumstances. The implementation is entirely busted on Ubuntu. Additionally, best practice for apache is to run as root. Apache itself does the privlege dropping. Change-Id: I4395debb7d32223fb3752a6d3e7c4d7672d29916
2015-11-13 08:53:49 +00:00 · 2015-11-13 08:53:49 +00:00 · 6ec1fabf65
commit 6ec1fabf65
parent 52bd56e686
1 changed files with 1 additions and 19 deletions
--- a/docker/horizon/Dockerfile.j2
+++ b/docker/horizon/Dockerfile.j2
@ -56,25 +56,7 @@ RUN ln -s horizon-source/* horizon \

 {% endif %}

-# Set NET_BIND_SERVICE capability to httpd/apache2 so that it may run on
-# ports lower than 1024.
-#  Set pidfile and log directory to be writeable by # the horizon user.
-{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
-
-RUN setcap 'cap_net_bind_service=ep' /usr/sbin/httpd \
-    && chown horizon: /run/httpd /etc/httpd/logs
-
-{% elif base_distro in ['ubuntu'] %}
-
-RUN setcap 'cap_net_bind_service=ep' /usr/sbin/apache2 \
-    && chown -R horizon: /var/run/apache2 /var/log/apache2
-
-{% endif %}
-
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start \
-     && usermod -a -G kolla horizon
+RUN chmod 755 /usr/local/bin/kolla_extend_start

 {{ include_footer }}
-
-USER horizon