Revert "Drop root for Horizon service"

This reverts commit f9ccb1c882.

There are many issues with this patch that prevents it from working
under numerous circumstances. The implementation is entirely busted
on Ubuntu. Additionally, best practice for apache is to run as root.
Apache itself does the privlege dropping.

Change-Id: I4395debb7d32223fb3752a6d3e7c4d7672d29916
This commit is contained in:
Sam Yaple 2015-11-13 08:53:49 +00:00
parent 52bd56e686
commit 6ec1fabf65

View File

@ -56,25 +56,7 @@ RUN ln -s horizon-source/* horizon \
{% endif %}
# Set NET_BIND_SERVICE capability to httpd/apache2 so that it may run on
# ports lower than 1024.
# Set pidfile and log directory to be writeable by # the horizon user.
{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
RUN setcap 'cap_net_bind_service=ep' /usr/sbin/httpd \
&& chown horizon: /run/httpd /etc/httpd/logs
{% elif base_distro in ['ubuntu'] %}
RUN setcap 'cap_net_bind_service=ep' /usr/sbin/apache2 \
&& chown -R horizon: /var/run/apache2 /var/log/apache2
{% endif %}
COPY extend_start.sh /usr/local/bin/kolla_extend_start
RUN chmod 755 /usr/local/bin/kolla_extend_start \
&& usermod -a -G kolla horizon
RUN chmod 755 /usr/local/bin/kolla_extend_start
{{ include_footer }}
USER horizon