Apply cap_net_raw to knockd to allow rootless auto-pause (#2625)

This commit is contained in:
Geoff Bourne 2024-02-02 22:23:07 -06:00 committed by GitHub
parent 600472d7eb
commit 63b2e4484d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 5 additions and 1 deletions

View file

@ -26,9 +26,11 @@ apk add --no-cache -U \
zstd \
nfs-utils \
libpcap \
libwebp
libwebp \
libcap-utils
# Patched knockd
curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-alpine-amd64.tar.gz
tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
ln -s /usr/local/sbin/knockd /usr/sbin/knockd
setcap cap_net_raw=ep /usr/local/sbin/knockd

View file

@ -46,3 +46,4 @@ bash /build/ol/install-gosu.sh
curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-$TARGET.tar.gz
tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
ln -s /usr/local/sbin/knockd /usr/sbin/knockd
setcap cap_net_raw=ep /usr/local/sbin/knockd

View file

@ -35,4 +35,5 @@ apt-get clean
curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-$TARGET.tar.gz
tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
ln -s /usr/local/sbin/knockd /usr/sbin/knockd
setcap cap_net_raw=ep /usr/local/sbin/knockd
find /usr/lib -name 'libpcap.so.0.8' -execdir cp '{}' libpcap.so.1 \;