ver4a/oci-builder
1
0
Fork 0
Code Activity Actions

Make capability removal logic more robust
Some checks failed
/ Test oci-builder (push) Has been skipped
Details
/ Release oci-builder (push) Has been skipped
Details
/ Build oci-builder (push) Failing after 55s
Details

Browse source
This commit is contained in:
ver4a 2025-04-18 01:13:58 +02:00
parent 37483da0f5
commit c1c6b6d48e
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Dockerfile
View file

@ -26,7 +26,7 @@ RUN mkdir /builder/.docker && chown -R 65534:65534 /builder/.docker
RUN find / -mindepth 1 -path /proc -prune -or -path /sys -prune -or -path /dev -prune -or -type f -perm /6000 -exec sh -c "chmod ug-s '{}' && echo \"Removed setuid/setgid bit(s) from '{}'\"" \;
RUN getcap -r / | awk '{ print $1 }' | xargs -I '{}' sh -c "setcap -r '{}' && echo \"Removed file capability bit(s) from '{}'\""
RUN set -eo pipefail; getcap -r / | awk '{ print $1 }' | xargs -I '{}' sh -c "setcap -r '{}' && echo \"Removed file capability bit(s) from '{}'\""
RUN setcap cap_setuid=ep /usr/bin/newuidmap cap_setgid=ep /usr/bin/newgidmap