Revert "Drop root for Horizon service"
This reverts commit f9ccb1c882
.
There are many issues with this patch that prevents it from working
under numerous circumstances. The implementation is entirely busted
on Ubuntu. Additionally, best practice for apache is to run as root.
Apache itself does the privlege dropping.
Change-Id: I4395debb7d32223fb3752a6d3e7c4d7672d29916
This commit is contained in:
parent
52bd56e686
commit
6ec1fabf65
@ -56,25 +56,7 @@ RUN ln -s horizon-source/* horizon \
|
|||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
# Set NET_BIND_SERVICE capability to httpd/apache2 so that it may run on
|
|
||||||
# ports lower than 1024.
|
|
||||||
# Set pidfile and log directory to be writeable by # the horizon user.
|
|
||||||
{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
|
|
||||||
|
|
||||||
RUN setcap 'cap_net_bind_service=ep' /usr/sbin/httpd \
|
|
||||||
&& chown horizon: /run/httpd /etc/httpd/logs
|
|
||||||
|
|
||||||
{% elif base_distro in ['ubuntu'] %}
|
|
||||||
|
|
||||||
RUN setcap 'cap_net_bind_service=ep' /usr/sbin/apache2 \
|
|
||||||
&& chown -R horizon: /var/run/apache2 /var/log/apache2
|
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||||
RUN chmod 755 /usr/local/bin/kolla_extend_start \
|
RUN chmod 755 /usr/local/bin/kolla_extend_start
|
||||||
&& usermod -a -G kolla horizon
|
|
||||||
|
|
||||||
{{ include_footer }}
|
{{ include_footer }}
|
||||||
|
|
||||||
USER horizon
|
|
||||||
|
Loading…
Reference in New Issue
Block a user