From 4267e56c7146138c286ff274460f2b933a478b6f Mon Sep 17 00:00:00 2001
From: sose
Date: Mon, 14 Jun 2021 02:06:08 +0000
Subject: [PATCH] explicitly add container capablilities

---
 new_image.sh | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/new_image.sh b/new_image.sh
index 44dd32b..c1548a6 100755
--- a/new_image.sh
+++ b/new_image.sh
@@ -50,7 +50,19 @@ docker build \
 rm image/pubkey
 echo "Starting container..."
-container_id="$(docker run -p $user_sshd_port:$user_sshd_port -h slbr -d "slbr:$username")"
+container_id="$(
+  docker run \
+    --cap-drop ALL \
+    --cap-add AUDIT_WRITE \
+    --cap-add CHOWN \
+    --cap-add SETGID \
+    --cap-add SETPCAP \
+    --cap-add SETUID \
+    --cap-add SYS_CHROOT \
+    -p $user_sshd_port:$user_sshd_port \
+    -h slbr \
+    -d "slbr:$username"
+)"
 container_ip="$(
   docker container inspect "$container_id" \
   | jq '.[0].NetworkSettings.Networks.bridge.IPAddress'
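Review bot: The new `-p $user_sshd_port:$user_sshd_port` line leaves the port expansion unquoted, so an empty or whitespace-containing value becomes a malformed `-p` argument (or a swallowed flag) instead of a clear failure; quote it as `-p "$user_sshd_port:$user_sshd_port" \`. Because the reduced capability set no longer includes NET_BIND_SERVICE, sshd inside the container cannot bind if that port is ever below 1024 — the port is chosen outside this hunk, so either validate it there or add `--cap-add NET_BIND_SERVICE` if low ports are possible. The list itself is the usual minimum for a privilege-separated sshd (SETUID/SETGID/SYS_CHROOT/AUDIT_WRITE/CHOWN/SETPCAP) and dropping DAC_OVERRIDE, NET_RAW and MKNOD from Docker's defaults is a genuine hardening gain, so a one-line comment above `--cap-drop ALL` such as `# minimal capability set for sshd privilege separation; do not re-add Docker defaults` would stop a future maintainer from widening it again. Finally, nothing checks that `docker run` succeeded, so a failed start leaves `container_id` empty and the following `docker container inspect` runs with a blank id; appending `|| { echo "docker run failed" >&2; exit 1; }` to the assignment (or testing for an empty id) makes that explicit — unless the script already runs under `set -e`, which is not visible in this hunk.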