From 8b471c5f877581545c7c8dba15e4caa4376dfdf0 Mon Sep 17 00:00:00 2001
From: Cyril Tovena <cyril.tovena@gmail.com>
Date: Sun, 16 Feb 2020 15:08:57 -0500
Subject: [PATCH] Non-root user docker image for Loki.

Signed-off-by: Cyril Tovena <cyril.tovena@gmail.com>
---
 cmd/loki/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cmd/loki/Dockerfile b/cmd/loki/Dockerfile
index ecc9e5b1b668..7265b6d1c183 100644
--- a/cmd/loki/Dockerfile
+++ b/cmd/loki/Dockerfile
@@ -8,6 +8,9 @@ RUN make clean && (if [ "${TOUCH_PROTOS}" ]; then make touch-protos; fi) && make
 
 FROM alpine:3.9
 RUN apk add --update --no-cache ca-certificates
+RUN addgroup -g 1000 -S loki && \
+    adduser -u 1000 -S loki -G loki
+USER loki
 COPY --from=build /src/loki/cmd/loki/loki /usr/bin/loki
 COPY cmd/loki/loki-local-config.yaml /etc/loki/local-config.yaml
 EXPOSE 80