From 6fb4371044549fd3d2cba12e2c8ae77be518000c Mon Sep 17 00:00:00 2001
From: Scott Koranda <skoranda@gmail.com>
Date: Thu, 23 Dec 2021 14:17:07 -0600
Subject: [PATCH] Disable the mod_lua.so module

Disable the mod_lua.so module to address CVE-2021-44790.
See https://access.redhat.com/security/cve/cve-2021-44790.
---
 comanage-registry-internet2-tier/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/comanage-registry-internet2-tier/Dockerfile b/comanage-registry-internet2-tier/Dockerfile
index b239452..54c2f82 100644
--- a/comanage-registry-internet2-tier/Dockerfile
+++ b/comanage-registry-internet2-tier/Dockerfile
@@ -112,7 +112,8 @@ RUN cd /etc/httpd/conf.d \
     && ln -s ${COMANAGE_REGISTRY_DIR}/app/webroot registry \
     && rm -rf ${COMANAGE_REGISTRY_DIR}/local/* \
     && chown -R apache:apache ${COMANAGE_REGISTRY_DIR}/app/tmp \
-    && rm -f /etc/shibboleth/shibboleth2.xml
+    && rm -f /etc/shibboleth/shibboleth2.xml \
+    && rm -f /etc/httpd/conf.modules.d/mod_lua.so
 
 # Allow values for first administrator bootstrapped into the
 # platform to be specified at image build time, in addition to