| |
@@ -4,8 +4,11 @@
|
| |
|
| |
/usr/bin/supervisord -c /etc/supervisord.conf
|
| |
|
| |
- cd /usr/share/copr/coprs_frontend/ && python3 ./manage.py create_db --alembic alembic.ini
|
| |
- python3 /usr/share/copr/coprs_frontend/manage.py create_chroot fedora-{26,27,rawhide}-{i386,x86_64} epel-{6,7}-x86_64 epel-6-i386
|
| |
+ chown -R copr-fe:copr-fe /var/log/copr-frontend
|
| |
+ chown -R copr-fe:copr-fe /usr/share/copr
|
| |
+
|
| |
+ cd /usr/share/copr/coprs_frontend/ && sudo -u copr-fe copr-frontend create_db --alembic alembic.ini
|
| |
+ sudo -u copr-fe copr-frontend create_chroot fedora-{26,27,rawhide}-{i386,x86_64} epel-{6,7}-x86_64 epel-6-i386
|
| |
|
| |
|
| |
# selinux: make data dir writeable for httpd
|
| |
@@ -15,8 +18,6 @@
|
| |
# data under /usr/share/copr/. Discuss this with peers.
|
| |
chcon -R -t httpd_sys_rw_content_t /usr/share/copr/data
|
| |
|
| |
- chown -R copr-fe:copr-fe /var/log/copr-frontend
|
| |
- chown -R copr-fe:copr-fe /usr/share/copr
|
| |
|
| |
|
| |
echo "#########################################################"
|
| |
I don't want to make some press here, I'm overall +1 to this PR; but correct
thing to do would be to never run anything in docker as root (== root on host,
unless user namespaces); usually is better practice to:
RUN useradd
in Dockerfile, thenUSER copr-fe
(or something) in DockerfileWhat I see suspicious is that we need to write anything into /usr/share ...
/usr should be ideally read only.