diff --git a/Dockerfile b/Dockerfile index c8ca761..5648c46 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine:3.20 +FROM ghcr.io/linuxserver/baseimage-alpine:3.21 # set version label ARG BUILD_DATE diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 90daae0..4b0e4b7 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.20 +FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.21 # set version label ARG BUILD_DATE diff --git a/README.md b/README.md index 418350d..bf3a406 100644 --- a/README.md +++ b/README.md @@ -74,6 +74,10 @@ Access the webui at `:5055`, for more information check out [Overseerr] This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/). +## Non-Root Operation + +This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/). + ## Usage To help you get started creating a container from this image you can either use docker-compose or the docker cli. @@ -126,6 +130,7 @@ Containers are configured using parameters passed at runtime (such as those abov | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). | | `-v /config` | Persistent config files | | `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). | +| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). | ## Environment variables from files (Docker secrets) @@ -289,6 +294,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **24.12.24:** - Rebase to Alpine 3.21. * **31.05.24:** - Rebase to Alpine 3.20. * **23.12.23:** - Rebase to Alpine 3.19. * **25.05.23:** - Rebase to Alpine 3.18, deprecate armhf. diff --git a/readme-vars.yml b/readme-vars.yml index 5bb051f..0b0e66d 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -26,6 +26,7 @@ param_usage_include_vols: true param_volumes: - {vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files"} readonly_supported: true +nonroot_supported: true # application setup block app_setup_block_enabled: true app_setup_block: | @@ -75,6 +76,7 @@ init_diagram: | "overseerr:latest" <- Base Images # changelog changelogs: + - {date: "24.12.24:", desc: "Rebase to Alpine 3.21."} - {date: "31.05.24:", desc: "Rebase to Alpine 3.20."} - {date: "23.12.23:", desc: "Rebase to Alpine 3.19."} - {date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf."} diff --git a/root/etc/s6-overlay/s6-rc.d/init-overseerr-config/run b/root/etc/s6-overlay/s6-rc.d/init-overseerr-config/run index 9a9bbe3..4f920f2 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-overseerr-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-overseerr-config/run @@ -3,7 +3,8 @@ mkdir -p /run/overseerr-temp -# permissions -lsiown -R abc:abc \ - /config \ - /run/overseerr-temp +if [[ -z ${LSIO_NON_ROOT_USER} ]]; then + lsiown -R abc:abc \ + /config \ + /run/overseerr-temp +fi diff --git a/root/etc/s6-overlay/s6-rc.d/svc-overseerr/run b/root/etc/s6-overlay/s6-rc.d/svc-overseerr/run index 18ee0d4..75c41a5 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-overseerr/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-overseerr/run @@ -3,6 +3,12 @@ export CONFIG_DIRECTORY="/config" -exec \ - s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 5055" \ - cd /app/overseerr s6-setuidgid abc /usr/bin/yarn start +if [[ -z ${LSIO_NON_ROOT_USER} ]]; then + exec \ + s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 5055" \ + cd /app/overseerr s6-setuidgid abc /usr/bin/yarn start +else + exec \ + s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 5055" \ + cd /app/overseerr /usr/bin/yarn start +fi