Run mailman inside the container as a non-root process. (#31)

* Run as mailman user.

* Run mailman core process as a less-privileged mailman user.

* Add a `docker ps` to travis to know if any container died.

* Spit out more debug information in CI.

* Install su-exec properly.

.travis.yml

@@ -18,6 +18,9 @@ before_script:
   - docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mailman-web
   - docker-compose ps
   - sleep 30
+  - docker ps
+  - docker logs mailman-web
+  - docker logs mailman-core
 
 script:
    - tests/core.sh

core/Dockerfile

@@ -6,7 +6,7 @@ MAINTAINER Abhilash Raj
 # from the Gitlab.
 RUN apk update \
     && apk add --virtual build-deps gcc python3-dev musl-dev wget \
-	&& apk add postgresql-dev bash \
+	&& apk add postgresql-dev bash su-exec \
     && wget -O mailman.zip https://gitlab.com/mailman/mailman/repository/archive.zip?ref=master  \
 	&& wget -O mailman_hyperkitty.zip https://gitlab.com/mailman/mailman-hyperkitty/repository/archive.zip?ref=master  \
 	&& pip install mailman.zip mailman_hyperkitty.zip psycopg2 \
@@ -24,4 +24,6 @@ ENTRYPOINT ["/opt/run.sh"]
 
 ENV MAILMAN_CONFIG_FILE /config/mailman.cfg
 
+RUN adduser -S mailman
+
 CMD ["/usr/local/bin/master"]

core/assets/run.sh

@@ -122,4 +122,7 @@ base_url: $HYPERKITTY_URL
 api_key: $HYPERKITTY_API_KEY
 EOF
 
-exec "$@"
+# Now chown the places where mailman wants to write stuff.
+chown -R mailman /opt/mailman
+
+exec su-exec mailman "$@"