From dd40312aeb2499d2c38f1e66447ed432a3e10f9c Mon Sep 17 00:00:00 2001
From: Carlos Eduardo Arango Gutierrez
Date: Mon, 30 Jan 2023 12:34:52 +0100
Subject: [PATCH 1/2] .gitignore specify relative path for binary
---
 .gitignore | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index 1d55a5d0..846616b2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,4 +24,4 @@ testbin/*
 *.swo
 *~
 .vscode/*
-node-feature-discovery-operator
\ No newline at end of file
+./node-feature-discovery-operator
\ No newline at end of file
From 7d7235abdf6363d93893754d3b93bdd96794e205 Mon Sep 17 00:00:00 2001
From: Carlos Eduardo Arango Gutierrez
Date: Mon, 30 Jan 2023 15:06:35 +0100
Subject: [PATCH 2/2] Dockerfile: define numeric user to run unprivileged
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ddc9a304..c99ae210 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,8 +21,8 @@ FROM ${BASE_IMAGE_FULL} as full
 COPY --from=builder /workspace/node-feature-discovery-operator /
 COPY --from=builder /workspace/build/assets /opt/nfd
-RUN useradd nfd-operator
-USER nfd-operator
+# Run as unprivileged user
+USER 65534:65534
 ENTRYPOINT ["/node-feature-discovery-operator"]
 LABEL io.k8s.display-name="node-feature-discovery-operator"
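Review bot: The new pattern `./node-feature-discovery-operator` on the added line of the `.gitignore` hunk is unlikely to match anything, because gitignore patterns are compared against paths relative to the `.gitignore` file, and those paths never carry a leading `./`. The built binary would then stop being ignored and could be committed by accident. To anchor the entry at the repository root, use a leading slash instead: `/node-feature-discovery-operator`. The `\ No newline at end of file` marker on both sides also shows that the file still ends without a newline, which is worth fixing in the same change.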
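Review bot: `USER 65534:65534` in the Dockerfile hunk runs the operator as the conventional `nobody` identity, which it shares with any other process or squashed file ownership that maps to that ID; a dedicated high UID (for example `USER 10001:10001`, value constructed for illustration) isolates it better. If 65534 is kept, the added comment should say why the value is numeric, e.g. `# Numeric UID:GID (nobody) so the kubelet can verify runAsNonRoot without a passwd lookup`. With `RUN useradd` removed there is presumably no passwd entry or home directory for this user, and the files copied from the builder stay root-owned, so confirm that the binary and `/opt/nfd` are readable and executable by others. The `full` stage starts above the hunk and may continue below it.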