explicitly add container capablilities

2021-06-14 02:06:08 +00:00 · 2021-06-14 02:06:08 +00:00 · 4267e56c71
parent 18ffc84379
commit 4267e56c71
1 changed files with 13 additions and 1 deletions
--- a/new_image.sh
+++ b/new_image.sh
@ -50,7 +50,19 @@ docker build \

 rm image/pubkey
 echo "Starting container..."
-container_id="$(docker run -p $user_sshd_port:$user_sshd_port -h slbr -d "slbr:$username")"
+container_id="$(
+    docker run \
+    --cap-drop ALL \
+    --cap-add AUDIT_WRITE \
+    --cap-add CHOWN \
+    --cap-add SETGID \
+    --cap-add SETPCAP \
+    --cap-add SETUID \
+    --cap-add SYS_CHROOT \
+    -p $user_sshd_port:$user_sshd_port \
+    -h slbr \
+    -d "slbr:$username"
+)"
 container_ip="$(
    docker container inspect "$container_id" \
    | jq '.[0].NetworkSettings.Networks.bridge.IPAddress'