From 6df73ca465e433feab47f3dc8b093e79a275e437 Mon Sep 17 00:00:00 2001
From: Christbru
Date: Sat, 18 Oct 2025 21:13:03 -0500
Subject: [PATCH] Migrate to non root container for best practice and to clear security warnings.

---
 rust-engine/Dockerfile | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/rust-engine/Dockerfile b/rust-engine/Dockerfile
index a8a1376..813bd81 100644
--- a/rust-engine/Dockerfile
+++ b/rust-engine/Dockerfile
@@ -59,15 +59,20 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \
 cargo build --release
 
 # --- Stage 2: Final, small image ---
+
 FROM debian:bookworm-slim
-# Install only necessary runtime dependencies
-RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
- ca-certificates \
- libssl3 \
- && rm -rf /var/lib/apt/lists/*
+# Install only necessary runtime dependencies (no upgrade, just ca-certificates)
+RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/*
+
+# Add a non-root user for security
+RUN useradd --system --uid 10001 --no-create-home --shell /usr/sbin/nologin appuser
 # Copy the compiled binary from the builder stage
+
+# Copy the compiled binary and set ownership
 COPY --from=builder /usr/src/app/target/release/rust-engine /usr/local/bin/rust-engine
+RUN chown appuser:appuser /usr/local/bin/rust-engine
 EXPOSE 8000
+USER appuser
 CMD ["rust-engine"]
\ No newline at end of file
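Review bot: The new `RUN chown appuser:appuser /usr/local/bin/rust-engine` line weakens rather than strengthens the non-root posture: the process only needs execute permission on its binary, and making the runtime user the owner means a compromised `appuser` process can overwrite its own executable, while the separate `RUN` also duplicates the binary into a second layer. Keep the binary root-owned and world-executable by replacing the `COPY`/`chown` pair with `COPY --from=builder --chmod=0755 /usr/src/app/target/release/rust-engine /usr/local/bin/rust-engine` and deleting the `RUN chown` line; `USER appuser` still takes effect for the running process. Separately, the hunk drops `libssl3` from the runtime packages without any visible change to how the binary is linked — if `rust-engine` dynamically links OpenSSL (the likely reason `libssl3` was installed before), the container will fail at startup with a missing `libssl.so.3`, so this needs confirming against the builder stage (outside this hunk) or a `ldd` check on the artifact. The old `# Copy the compiled binary from the builder stage` comment is now a stale duplicate of the added one and should be removed.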