From 2b59fc05a2bca244b419eeaa865ee9d25a53adbe Mon Sep 17 00:00:00 2001
From: "sean.melissari" <melissari_sean@bah.com>
Date: Thu, 12 Nov 2020 19:37:57 +0000
Subject: [PATCH] remove suid on ssh-keysign

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 136360b..ed11808 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,6 @@ ARG BASE_REGISTRY=registry1.dsop.io
 ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
 ARG BASE_TAG=8.3
 
-
 FROM ghcr.io/fluxcd/kustomize-controller:v0.2.1 as builder
 
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
@@ -24,8 +23,9 @@ COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/kubectl
 RUN groupadd controller \
     && useradd -g controller -m controller \
     && chmod +x /sbin/tini \
-    && dnf install -y --nodocs git openssh-clients gnupg \
     && dnf update -y \
+    && dnf install -y --nodocs git openssh-clients gnupg \
+    && chmod -s /usr/libexec/openssh/ssh-keysign \
     && dnf clean all
 
 USER controller
-- 
GitLab