From c1c6b6d48eedb0110fab46a1149aa22ebef13798 Mon Sep 17 00:00:00 2001
From: ver4a <ver4a@uncontrol.me>
Date: Fri, 18 Apr 2025 01:13:58 +0200
Subject: [PATCH] Make capability removal logic more robust

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 207049b..bb4959e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,7 +26,7 @@ RUN mkdir /builder/.docker && chown -R 65534:65534 /builder/.docker
 
 RUN find / -mindepth 1 -path /proc -prune -or -path /sys -prune -or -path /dev -prune -or -type f -perm /6000 -exec sh -c "chmod ug-s '{}' && echo \"Removed setuid/setgid bit(s) from '{}'\"" \;
 
-RUN getcap -r / | awk '{ print $1 }' | xargs -I '{}' sh -c "setcap -r '{}' && echo \"Removed file capability bit(s) from '{}'\""
+RUN set -eo pipefail; getcap -r / | awk '{ print $1 }' | xargs -I '{}' sh -c "setcap -r '{}' && echo \"Removed file capability bit(s) from '{}'\""
 
 RUN setcap cap_setuid=ep /usr/bin/newuidmap cap_setgid=ep /usr/bin/newgidmap