From 7b35a22fe7b441a4878c295c07b75146603c0297 Mon Sep 17 00:00:00 2001
From: Shahriyar Jalayeri
Date: Tue, 25 Jun 2024 17:53:11 +0300
Subject: [PATCH] Use fixed uid/gid for vtpm container

Use the fixed ids create in dom0 to run the VTPM container, this allows to run the container as non-root user and have control over the access control as described in #3986 .

Signed-off-by: Shahriyar Jalayeri
---
 pkg/vtpm/Dockerfile | 2 +-
 pkg/vtpm/build.yml | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/pkg/vtpm/Dockerfile b/pkg/vtpm/Dockerfile
index 1a749bf01d..d5ef60a18f 100644
--- a/pkg/vtpm/Dockerfile
+++ b/pkg/vtpm/Dockerfile
@@ -10,7 +10,7 @@
 # d) extracting only required bits from tpm2-tss and tpm2-tools
 # and the server
-FROM lfedge/eve-dom0-ztools:0e2f436441764689b37aeeffeb4bea64c3c5a46e as dom0
+FROM lfedge/eve-dom0-ztools:b8eaeec19d373228a4a842374e5de0d50f050853 as dom0
 FROM lfedge/eve-alpine:1f7685f95a475c6bbe682f0b976f12180b6c8726 as build
 ENV BUILD_PKGS linux-headers git gcc g++ autoconf automake libtool doxygen make \
 openssl-dev protobuf-dev gnupg curl-dev patch json-c json-c-dev \
diff --git a/pkg/vtpm/build.yml b/pkg/vtpm/build.yml
index 8f9aace0fa..5105c66515 100644
--- a/pkg/vtpm/build.yml
+++ b/pkg/vtpm/build.yml
@@ -1,8 +1,10 @@
 image: eve-vtpm
 org: lfedge
 config:
- uid: vtpm
- gid: vtpm
+ # these ids must match the corresponding container specific user/group
+ # created in pkg/dom0-ztools
+ uid: 101
+ gid: 101
 binds:
 - /dev:/dev
 - /run:/run
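Review bot: The numeric values on the new `uid: 101` / `gid: 101` lines in pkg/vtpm/build.yml are now duplicated between this package and pkg/dom0-ztools with nothing enforcing that they stay equal, so if the dom0 side ever renumbers that account the vtpm container would silently start under whatever uid 101 then maps to, or under an unnamed id, rather than failing the build. The comment should at least name the account it mirrors so the pairing can be found by grep, e.g. `# must match the vtpm user/group (uid/gid 101) created in pkg/dom0-ztools`, and a build-time check that the two sides agree would be stronger than a comment. Since the process is no longer root, the unchanged `- /dev:/dev` bind below is where the access control the commit message refers to actually takes effect: only device nodes whose owner, group and mode admit uid/gid 101 remain usable, so it is worth confirming that the dom0 image sets those on the nodes the vTPM needs and, if feasible, binding only those nodes rather than the whole tree. The Dockerfile hunk in this patch only moves the dom0 base image digest, presumably to the revision that creates this account; a one-line comment above that `FROM` line saying so would tie the two changes together.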