From 845a7c0069c3d73a54f7c524eeb0060df65f6b1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Bjug=C3=A5rd?= <287697+abjugard@users.noreply.github.com>
Date: Tue, 17 Jan 2023 12:28:11 +0100
Subject: [PATCH] Install libcap and run `setcap cap_net_bind_service=+eip` on caddy binary
Mitigates #104
---
 2.6/alpine/Dockerfile | 5 +++--
 Dockerfile.tmpl | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/2.6/alpine/Dockerfile b/2.6/alpine/Dockerfile
index d79b7df..0128320 100644
--- a/2.6/alpine/Dockerfile
+++ b/2.6/alpine/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.16
-RUN apk add --no-cache ca-certificates mailcap
+RUN apk add --no-cache ca-certificates mailcap libcap
 RUN set -eux; \
 mkdir -p \
@@ -30,6 +30,7 @@ RUN set -eux; \
 echo "$checksum /tmp/caddy.tar.gz" | sha512sum -c; \
 tar x -z -f /tmp/caddy.tar.gz -C /usr/bin caddy; \
 rm -f /tmp/caddy.tar.gz; \
+ setcap cap_net_bind_service=+ep /usr/bin/caddy; \
 chmod +x /usr/bin/caddy; \
 caddy version
@@ -53,4 +54,4 @@ EXPOSE 2019
 WORKDIR /srv
-CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
+CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
\ No newline at end of file
diff --git a/Dockerfile.tmpl b/Dockerfile.tmpl
index 31fee04..9e9a978 100644
--- a/Dockerfile.tmpl
+++ b/Dockerfile.tmpl
@@ -1,6 +1,6 @@
 {{ .base | strings.TrimSpace }}
-RUN apk add --no-cache ca-certificates mailcap
+RUN apk add --no-cache ca-certificates mailcap libcap
 RUN set -eux; \
 mkdir -p \
@@ -30,6 +30,7 @@ RUN set -eux; \
 echo "$checksum /tmp/caddy.tar.gz" | sha512sum -c; \
 tar x -z -f /tmp/caddy.tar.gz -C /usr/bin caddy; \
 rm -f /tmp/caddy.tar.gz; \
+ setcap cap_net_bind_service=+ep /usr/bin/caddy; \
 chmod +x /usr/bin/caddy; \
 caddy version
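Review bot: `libcap` is appended to the runtime `apk add` line in the first hunk of 2.6/alpine/Dockerfile (and of Dockerfile.tmpl), so the package and whatever capability tools it ships stay in the final image although the patch needs `setcap` only once, at build time. Installing it as a virtual package inside the RUN that calls `setcap` and deleting it there keeps the shipped image smaller: `apk add --no-cache --virtual .setcap libcap;` before the `setcap` line and `apk del .setcap;` after it. This presumably works because the capability is stored as an extended attribute on `/usr/bin/caddy` and does not need the package afterwards; confirm by running `getcap` against the built image.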
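Review bot: The added `setcap cap_net_bind_service=+ep /usr/bin/caddy` sets the effective flag, so when the container's bounding set lacks NET_BIND_SERVICE (for example with `--cap-drop=ALL`) the kernel refuses to exec caddy with EPERM instead of starting it without the capability. Hardened deployments that only listen on ports above 1024 would stop starting, so the line deserves a comment such as `# file capability lets a non-root user bind ports <1024; the container must keep NET_BIND_SERVICE or exec of caddy fails`. The commit subject says `+eip` while the code applies `+ep`; the two should agree so the record matches what ships. The same line is added in Dockerfile.tmpl, and the enclosing RUN instruction starts outside the hunk.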
@@ -53,4 +54,4 @@ EXPOSE 2019
 WORKDIR /srv
-CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
+CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
\ No newline at end of file