Run gtt as a non priveleged user in docker container

kriskbx / gitlab-time-tracker

🦊🕘 A command line interface for GitLab's time tracking feature.

GNU General Public License v2.0

452 stars 83 forks source link

Run gtt as a non priveleged user in docker container #117

Open juanluisbaptiste opened 4 years ago

juanluisbaptiste commented 4 years ago

Hi,

This PR fixes issue #104 , as PR #108 does not correctly set the volumes to access the gtt configuration file without having to mount the complete user home directory which is a security risk. It also uses a non privileged user to run gtt instead of the root user, which is also a security risk.

coveralls commented 4 years ago

Coverage remained the same at 65.979% when pulling 6d1ece0ba50dbbffc40d182f30a2ab9f2cd91311 on juanluisbaptiste:run_as_non_root_user into ec5ca47d2e45f087dccb6bbdddc970935a61c256 on kriskbx:master.