Merge pull request #130 from matusmarhefka/dockerfile-help

container/help.sh: updated to not run in privileged container

Author: matejak

container/help.sh

@@ -1,19 +1,19 @@
 #!/bin/bash
 
-DOCKER="/usr/bin/docker"
-SELF=$1
+DOCKERFILE="/root/Dockerfile"
 
-VERSION=$(${DOCKER} inspect -f '{{ index .Config.Labels "version" }}' ${SELF})
-RELEASE=$(${DOCKER} inspect -f '{{ index .Config.Labels "release" }}' ${SELF})
+VERSION=$(grep ' version=' $DOCKERFILE | sed 's|.*version="\(.*\)".*|\1|')
+RELEASE=$(grep ' release=' $DOCKERFILE | sed 's|.*release="\(.*\)".*|\1|')
 if [ -z ${RELEASE} ]; then
-	echo -e "${SELF} image version: ${VERSION}\n"
+	echo -e "Image version: ${VERSION}\n"
 else
-	echo -e "${SELF} image version: ${VERSION}-${RELEASE}\n"
+	echo -e "Image version: ${VERSION}-${RELEASE}\n"
 fi
 
-DESCRIPTION=$(${DOCKER} inspect -f '{{ index .Config.Labels "description" }}' ${SELF})
+DESCRIPTION=$(grep ' description=' $DOCKERFILE \
+	| sed 's|.*description="\(.*\)".*|\1|')
 echo -e "Description:\n${DESCRIPTION}\n"
 
-echo "OpenSCAP packages bundled in ${SELF} image:"
+echo "OpenSCAP packages bundled in the image:"
 rpm -qa | grep openscap
 rpm -qa | grep scap-security-guide

generate-dockerfile.py

@@ -20,7 +20,7 @@
     ("io.openshift.tags", "security openscap scan"),
     ("install", "docker run --rm --privileged -v /:/host/ IMAGE sh /root/install.sh IMAGE"),
     ("run", "docker run -it --rm -v /:/host/ IMAGE sh /root/run.sh"),
-    ("help", "docker run --rm --privileged -v /usr/bin:/usr/bin -v /var/run:/var/run -v /lib:/lib -v /lib64:/lib64 -v /etc/sysconfig:/etc/sysconfig IMAGE sh /root/help.sh IMAGE"),
+    ("help", "docker run -it --rm IMAGE sh /root/help.sh"),
 ]
 
 packages = {
@@ -36,6 +36,7 @@
     ("container/config.ini", "/root/"),
     ("container/remediate.py", "/root/"),
     ("container/help.sh", "/root/"),
+    ("Dockerfile", "/root/"),
 ]
 env_variables = [
     ("container", "docker")