From 01d07083f8033531ca1666b899329ed47cb8ad24 Mon Sep 17 00:00:00 2001
From: Jason Montleon
Date: Wed, 24 Jan 2024 12:27:05 -0500
Subject: [PATCH] :ghost: Improve running as non-root (#473)
With this change we can at least run as non-root. I would also proprose moving binaries that need to be accessible to all users be installed in /usr/local/bin. But as of right now it seems we have configs (or something) hard coded to this location.
https://github.com/konveyor/java-analyzer-bundle/blob/main/Dockerfile#L41
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s09.html
Signed-off-by: Jason Montleon
---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 0f1d7ef8..0021e9b9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,7 +28,7 @@ RUN microdnf install gcc-c++ python-devel python3-devel -y
 RUN python3 -m ensurepip --upgrade
 RUN python3 -m pip install python-lsp-server
-COPY --from=jaeger-builder /go/bin/all-in-one-linux /usr/bin/
+COPY --from=jaeger-builder /go/bin/all-in-one-linux /usr/local/bin/all-in-one-linux
 COPY --from=yq-builder /usr/bin/yq /usr/bin/yq
@@ -41,6 +41,7 @@ COPY --from=builder /analyzer-lsp/external-providers/golang-dependency-provider/
 COPY provider_container_settings.json /analyzer-lsp/provider_settings.json
 WORKDIR /analyzer-lsp
+RUN chgrp -R 0 /analyzer-lsp && chmod -R g=u /analyzer-lsp
 EXPOSE 16686
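Review bot: Only the Jaeger binary moves to /usr/local/bin in this hunk, while `yq` on the following COPY line stays in /usr/bin, and nothing in the file records why the two differ. A comment above the changed line would carry the reason the commit message gives, for example `# all-in-one-linux goes to /usr/local/bin (FHS: locally installed software); other binaries stay in /usr/bin because their paths are hard-coded elsewhere`. Any reference outside this hunk that still uses the absolute path /usr/bin/all-in-one-linux would need the same update; that cannot be checked from the visible lines.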
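Review bot: The added `RUN chgrp -R 0 /analyzer-lsp && chmod -R g=u /analyzer-lsp` makes every file under /analyzer-lsp writable by group 0, including the provider_settings.json copied just above it. Any process running with GID 0 can therefore rewrite the provider configuration and whatever else the tree holds. Limiting the recursive change to the directories the analyzer actually writes at runtime, e.g. `RUN chgrp -R 0 <writable-dir> && chmod -R g=u <writable-dir>` (placeholder path), keeps the rest read-only for the runtime user. The visible lines also add no `USER` instruction, so unless one exists outside the hunk or in the base image, the container still starts as root by default. Adding `USER 1001` after this RUN would make non-root the default rather than an option.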