Add logs directory bind mount with entrypoint permission fix

- Add ./logs:/app/logs volume mount to docker-compose.yaml for log access - Create entrypoint.sh script that fixes directory ownership at startup - Install gosu in Dockerfile for secure privilege dropping - Use ENTRYPOINT to run permission fix as root, then drop to krawl user This ensures bind-mounted directories have correct permissions even when Docker creates them as root on the host.
2026-01-02 13:52:51 -06:00
parent d458eb471d
commit 349c149335
3 changed files with 18 additions and 3 deletions
--- a/12
+++ b/12
@@ -4,19 +4,25 @@ LABEL org.opencontainers.image.source=https://github.com/BlessedRebuS/Krawl

 WORKDIR /app

+# Install gosu for dropping privileges
+RUN apt-get update && apt-get install -y --no-install-recommends gosu && \
+    rm -rf /var/lib/apt/lists/*
+
 COPY requirements.txt /app/
 RUN pip install --no-cache-dir -r requirements.txt

 COPY src/ /app/src/
 COPY wordlists.json /app/
+COPY entrypoint.sh /app/

 RUN useradd -m -u 1000 krawl && \
-    chown -R krawl:krawl /app
-
-USER krawl
+    mkdir -p /app/logs /app/data && \
+    chown -R krawl:krawl /app && \
+    chmod +x /app/entrypoint.sh

 EXPOSE 5000

 ENV PYTHONUNBUFFERED=1

+ENTRYPOINT ["/app/entrypoint.sh"]
 CMD ["python3", "src/server.py"]
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -11,6 +11,7 @@ services:
    volumes:
      - ./wordlists.json:/app/wordlists.json:ro
      - ./config.yaml:/app/config.yaml:ro
+      - ./logs:/app/logs
    environment:
      - CONFIG_LOCATION=config.yaml
    restart: unless-stopped
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+# Fix ownership of mounted directories
+chown -R krawl:krawl /app/logs /app/data 2>/dev/null || true
+
+# Drop to krawl user and run the application
+exec gosu krawl "$@"