From 9aa8a18f6becbec43a964e4ede167fde2cc44d6e Mon Sep 17 00:00:00 2001
From: "Akihiko (Aki) Kuroda" <16141898+akihikokuroda@users.noreply.github.com>
Date: Thu, 18 Jan 2024 08:29:29 -0500
Subject: [PATCH] fix Privilege and Configuration issues (#1160)
* fix asoc sast PrivilegeEscalation and Configuration issues
Signed-off-by: Akihiko Kuroda
---
 .github/workflows/docker-build.yaml | 2 +-
 Dockerfile-notebook | 3 ++-
 docker-compose-dev.yaml | 7 ++++---
 docker-compose.yaml | 7 ++++---
 4 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
index afada8090..d15029a91 100644
--- a/.github/workflows/docker-build.yaml
+++ b/.github/workflows/docker-build.yaml
@@ -7,7 +7,7 @@ on:
 jobs:
 tests:
 runs-on: ubuntu-latest
- timeout-minutes: 30
+ timeout-minutes: 45
 steps:
 - uses: actions/checkout@v3
 - name: Build the containers
diff --git a/Dockerfile-notebook b/Dockerfile-notebook
index 585bd0f84..ba482a138 100644
--- a/Dockerfile-notebook
+++ b/Dockerfile-notebook
@@ -15,7 +15,8 @@ USER $NB_UID
 COPY --chown=$NB_UID:$NB_UID ./client ./qs
 WORKDIR /qs
-RUN pip install . --no-cache-dir &&\
+RUN pip install --upgrade pip &&\
+ pip install . --no-cache-dir &&\
 pip install --no-cache-dir -r requirements-notebook.txt
 WORKDIR /
diff --git a/docker-compose-dev.yaml b/docker-compose-dev.yaml
index 719c7ea78..cfc0a54c5 100644
--- a/docker-compose-dev.yaml
+++ b/docker-compose-dev.yaml
@@ -26,9 +26,8 @@ services:
 ]
 ports:
 - 8265:8265
- privileged: true
 volumes:
- - /dev/shm:/dev/shm
+ - host-shm:/dev/shm
 networks:
 - safe-tier
 postgres:
@@ -143,7 +142,7 @@ services:
 image: grafana/promtail:2.8.4
 profiles: [ "full" ]
 volumes:
- - /var/log:/var/log
+ - host-log:/var/log
 command: -config.file=/etc/promtail/config.yml
 networks:
 - safe-tier
@@ -158,3 +157,5 @@ networks:
 safe-tier:
 volumes:
 program-artifacts:
+ host-shm:
+ host-log:
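Review bot: In Dockerfile-notebook the added `pip install --upgrade pip` step is unpinned and, unlike the two installs that follow it, omits `--no-cache-dir`. Each rebuild therefore picks up whatever pip release is current at build time, so the image is not reproducible and the step can leave pip's download cache in the layer. I would pin the version and match the other calls, for example `RUN pip install --no-cache-dir --upgrade "pip==<PINNED_VERSION>" &&\`, with the version chosen and bumped deliberately by the maintainers.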
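Review bot: In the first hunk of docker-compose-dev.yaml (and the identical first hunk of docker-compose.yaml) `host-shm:/dev/shm` mounts an ordinary named volume over the container's shared-memory tmpfs, and with the default local driver that volume is disk-backed. Dropping `privileged: true` and the host bind mount is the right direction, but anything in this service that relies on /dev/shm being memory-backed will now go to disk, and the `host-` prefix suggests host state that is no longer mounted. If the aim is only a larger shared-memory segment, a service-level `shm_size: <SIZE>` or a `tmpfs:` entry for `/dev/shm` provides it without a volume. The service definition begins above the hunk, so what it runs and whether it still starts without the removed privileges should be confirmed.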
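Review bot: In the promtail service of docker-compose-dev.yaml (same change in docker-compose.yaml) `host-log:/var/log` is a fresh named volume, so the container no longer sees the host's /var/log at all. If the promtail config, which is not visible here, scrapes paths under /var/log, log shipping from the host stops without any error, which is a loss of monitoring coverage rather than a hardening. A read-only bind mount keeps the function while removing the write access to host logs: `- /var/log:/var/log:ro`. If host logs are genuinely not needed, removing the mount altogether would be clearer than an empty volume named `host-log`.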
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 4390c3d98..3e38b1558 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -20,9 +20,8 @@ services:
 ]
 ports:
 - 8265:8265
- privileged: true
 volumes:
- - /dev/shm:/dev/shm
+ - host-shm:/dev/shm
 networks:
 - safe-tier
 postgres:
@@ -131,7 +130,7 @@ services:
 image: grafana/promtail:2.8.4
 profiles: [ "full" ]
 volumes:
- - /var/log:/var/log
+ - host-log:/var/log
 command: -config.file=/etc/promtail/config.yml
 networks:
 - safe-tier
@@ -146,3 +145,5 @@ networks:
 safe-tier:
 volumes:
 program-artifacts:
+ host-shm:
+ host-log: