From 1183fee5946aa55a00f552e3f1a33de9e7dd9b4e Mon Sep 17 00:00:00 2001
From: Alwin Mark <ama@crosscan.com>
Date: Tue, 29 Sep 2020 09:57:24 +0200
Subject: [PATCH] Enable Container run with readonly root filesystem

Therefore moved home directory into data volume and fix right of Erlang Cookie in case of reclaiming a volume on kubernetes.

fixes: #243
---
 Dockerfile     | 2 +-
 bin/vernemq.sh | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 2de7329..c07098f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ RUN apt-get update && \
     apt-get -y install bash procps openssl iproute2 curl jq libsnappy-dev net-tools nano && \
     rm -rf /var/lib/apt/lists/* && \
     addgroup --gid 10000 vernemq && \
-    adduser --uid 10000 --system --ingroup vernemq --home /vernemq --disabled-password vernemq
+    adduser --uid 10000 --system --ingroup vernemq --home /vernemq/data/home --disabled-password vernemq
 
 WORKDIR /vernemq
 
diff --git a/bin/vernemq.sh b/bin/vernemq.sh
index b4666ff..9c41ec5 100755
--- a/bin/vernemq.sh
+++ b/bin/vernemq.sh
@@ -244,6 +244,9 @@ if [ ! -z "$DOCKER_VERNEMQ_ERLANG__DISTRIBUTION_BUFFER_SIZE" ]; then
     sed -i.bak -r "s/\+zdbbl.+/\+zdbbl ${DOCKER_VERNEMQ_ERLANG__DISTRIBUTION_BUFFER_SIZE}/" ${VERNEMQ_VM_ARGS_FILE}
 fi
 
+mkdir -p /vernemq/data/home
+chmod g-rwx /vernemq/data/home/.erlang.cookie
+
 # Check configuration file
 /vernemq/bin/vernemq config generate 2>&1 > /dev/null | tee /tmp/config.out | grep error