From c56250de36d2dfae5a30f08cb4d50bd1a0c8477e Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray <tdecacqu@redhat.com>
Date: Fri, 5 Apr 2019 08:01:45 +0000
Subject: [PATCH] Dockerfile: create a zuul user with uid 10001

This change creates an unprivileged user zuul (uid 10001) to run the
zuul service.

Change-Id: I8bd2cafbe9d2e7580407262c035e50e2e3be474e
---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 2b474b9d37..1a657584b9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -40,12 +40,13 @@ RUN echo "deb http://ftp.debian.org/debian stretch-backports main" >> /etc/apt/s
 RUN /output/install-from-bindep \
   && pip install --cache-dir=/output/wheels -r /output/zuul_base/requirements.txt \
   && rm -rf /output
+RUN useradd -u 10001 -m -d /var/lib/zuul -c "Zuul Daemon" zuul
+
 VOLUME /var/lib/zuul
 CMD ["/usr/local/bin/zuul"]
 
 FROM zuul as zuul-executor
 COPY --from=builder /usr/local/lib/zuul/ /usr/local/lib/zuul
-
 CMD ["/usr/local/bin/zuul-executor"]
 
 FROM zuul as zuul-fingergw