From 1cf4924886c518cb192fbe50ac392a4a8459a98d Mon Sep 17 00:00:00 2001
From: George Adams
Date: Fri, 10 Mar 2023 22:53:49 +0000
Subject: [PATCH] drop permissions of container to match host system (#8007)
---
 Dockerfile | 7 +++++++
 tfb | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index b9854ebc9df..ba6f5df7a01 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,7 @@
 FROM ubuntu:18.04
+ARG USER_ID
+ARG GROUP_ID
 ARG DEBIAN_FRONTEND=noninteractive
 # WARNING: DON'T PUT A SPACE AFTER ANY BACKSLASH OR APT WILL BREAK
 # One -q produces output suitable for logging (mostly hides
@@ -29,4 +31,9 @@ RUN apt-get -yqq update && apt-get -yqq install \
 ENV FWROOT=/FrameworkBenchmarks PYTHONPATH=/FrameworkBenchmarks
+# Drop permissions of user to match those of the host system
+RUN addgroup --gid $GROUP_ID user
+RUN adduser --disabled-password --gecos '' --uid $USER_ID --gid $GROUP_ID user
+USER user
+
 ENTRYPOINT ["python", "/FrameworkBenchmarks/toolset/run-tests.py"]
diff --git a/tfb b/tfb
index 9f679dd489a..1a76528d8a9 100755
--- a/tfb
+++ b/tfb
@@ -102,5 +102,5 @@ if ! docker network inspect tfb >/dev/null 2>&1; then
 fi
 test -t 1 && USE_TTY="-t"
-docker build -t techempower/tfb - < ${SCRIPT_ROOT}/Dockerfile
+docker build -t techempower/tfb --build-arg USER_ID=$(id -u) --build-arg GROUP_ID=$(id -g) - < ${SCRIPT_ROOT}/Dockerfile
 exec docker run -i ${USE_TTY} ${EXTRA_DOCKER_ARGS} --rm --network tfb -v /var/run/docker.sock:/var/run/docker.sock -v ${SCRIPT_ROOT}:/FrameworkBenchmarks techempower/tfb "${@}"
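Review bot: `ARG USER_ID` and `ARG GROUP_ID` are declared without defaults, so a build that does not pass both `--build-arg` values reaches `addgroup --gid $GROUP_ID user` in the second hunk with an empty value. The tfb script passes them, but a direct `docker build` of this Dockerfile does not, and that build would most likely fail in the addgroup step with an unhelpful message. Either give them defaults, `ARG USER_ID=1000` and `ARG GROUP_ID=1000`, or state the requirement above them: `# Required: passed by ./tfb as the invoking host user's id -u / id -g`.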
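Review bot: The `addgroup --gid $GROUP_ID user` and `adduser ... --uid $USER_ID` steps assume the host's ids are unused inside ubuntu:18.04. A host primary GID that matches a system group already in the base image, or UID 0 when tfb is run as root or under sudo, would presumably make these steps exit non-zero and break the build. Create the entries only when absent and switch by number: `RUN getent group "$GROUP_ID" >/dev/null || addgroup --gid "$GROUP_ID" user`, then `RUN getent passwd "$USER_ID" >/dev/null || adduser --disabled-password --gecos '' --uid "$USER_ID" --gid "$GROUP_ID" user`, then `USER $USER_ID:$GROUP_ID`. Quoting the expansions also keeps an unexpected build-arg value from being word-split by the shell.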
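Review bot: The unchanged `docker run` line still bind-mounts `/var/run/docker.sock`, and the new non-root user interacts with that socket in two ways this change does not address. `id -g` passes only the caller's primary group, so if the socket is owned by a separate group on the host (commonly a `docker` group, not visible here) the toolset inside the container may no longer be able to reach the daemon. Where access does work, the socket gives daemon-level control of the host, so the UID/GID mapping should be described as fixing file ownership on the `${SCRIPT_ROOT}` mount rather than as a privilege boundary. A comment above the build line would record that: `# UID/GID mapping only aligns ownership of files written to ${SCRIPT_ROOT}; docker.sock access is still host-root equivalent`. Quoting the substitutions, `--build-arg USER_ID="$(id -u)" --build-arg GROUP_ID="$(id -g)"`, is also worth doing.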