run msfconsole as non root user in docker

docker-compose.yml

@@ -12,7 +12,7 @@ services:
     ports:
       - 4444:4444
     volumes:
-      - $HOME/.msf4:/root/.msf4
+      - $HOME/.msf4:/home/msf/.msf4
 
   db:
     image: postgres:9.6

docker/Dockerfile

@@ -3,6 +3,7 @@ MAINTAINER Rapid7
 
 ARG BUNDLER_ARGS="--jobs=8 --without development test coverage"
 ENV APP_HOME /usr/src/metasploit-framework/
+ENV MSF_USER msf
 WORKDIR $APP_HOME
 
 COPY Gemfile* m* Rakefile $APP_HOME
@@ -16,6 +17,7 @@ RUN apk update && \
       # needed as long as metasploit-framework.gemspec contains a 'git ls'
       git \
       ncurses \
+      libcap \
     && apk add --virtual .ruby-builddeps \
       autoconf \
       bison \
@@ -32,12 +34,19 @@ RUN apk update && \
       yaml-dev \
       zlib-dev \
       ncurses-dev \
-      bison \
-      autoconf \
     && echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
     && bundle install --system $BUNDLER_ARGS \
     && apk del .ruby-builddeps \
     && rm -rf /var/cache/apk/*
 
+# fix for robots gem not readable (known bug)
+# https://github.com/rapid7/metasploit-framework/issues/6068
+RUN chmod o+r /usr/local/bundle/gems/robots-*/lib/robots.rb
+
+RUN adduser -g msfconsole -D $MSF_USER
+
+USER $MSF_USER
+
 ADD ./ $APP_HOME
+
 CMD ["./msfconsole", "-r", "docker/msfconsole.rc"]