Skip to content

Commit 86c49d1

Browse files
fix: change agent to run as same user in dockerfile (#3243)
Signed-off-by: Austin Abro <[email protected]>
1 parent 5943cea commit 86c49d1

File tree

2 files changed

+4
-4
lines changed

2 files changed

+4
-4
lines changed

Dockerfile

+1-1
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,6 @@ ARG TARGETARCH
44
# 65532 is the UID of the `nonroot` user in chainguard/static. See: https://edu.chainguard.dev/chainguard/chainguard-images/reference/static/overview/#users
55
USER 65532:65532
66

7-
COPY --chown=65532:65532 "build/zarf-linux-$TARGETARCH" /zarf
7+
COPY --chown=65532:65532 --chmod=0700 "build/zarf-linux-$TARGETARCH" /zarf
88

99
CMD ["/zarf", "internal", "agent", "--log-level=debug", "--log-format=text", "--no-log-file"]

packages/zarf-agent/manifests/deployment.yaml

+3-3
Original file line numberDiff line numberDiff line change
@@ -23,9 +23,9 @@ spec:
2323
serviceAccountName: zarf
2424
# Security context to comply with restricted PSS
2525
securityContext:
26-
runAsUser: 1000
27-
fsGroup: 2000
28-
runAsGroup: 2000
26+
runAsUser: 65532
27+
fsGroup: 65532
28+
runAsGroup: 65532
2929
seccompProfile:
3030
type: "RuntimeDefault"
3131
containers:

0 commit comments

Comments
 (0)