Set child process as 'foreground' in interactive mode to correctly bi…

…nd stdin Configure user in Dockerfile
doitintl · Apr 26, 2024 · e858599 · e858599
1 parent 4f20265
commit e858599
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -26,5 +26,8 @@ FROM busybox:1.36
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 # copy the binary to the production image from the builder stage.
 COPY --from=builder /go/src/app/.bin/secrets-init /secrets-init
+RUN adduser -D -u 1000 secrets-init
+USER 1000
+
 ENTRYPOINT ["/secrets-init"]
 CMD ["--version"]
diff --git a/main.go b/main.go
@@ -217,13 +217,16 @@ func run(ctx context.Context, provider secrets.Provider, exitEarly, interactive
 	cmd := exec.Command(commandStr, argsSlice...)
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
+	// create a dedicated pidgroup used to forward signals to the main process and its children
+	procAttrs := &syscall.SysProcAttr{Setpgid: true}
 	// rebind stdin if -i flag is set
 	if interactive {
 		cmd.Stdin = os.Stdin
-	} else {
-		// create a dedicated pidgroup used to forward signals to the main process and its children
-		cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
+		// setting 'Foreground' to true will bind current TTY to the child process
+		procAttrs = &syscall.SysProcAttr{Setpgid: true, Foreground: true}
 	}
+	// set child process attributes
+	cmd.SysProcAttr = procAttrs
 
 	// set environment variables
 	if provider != nil {