2 files changed +10 -3 lines changed
@@ -14,7 +14,7 @@ RUN addgroup consul && \
1414 adduser -S -G consul consul
1515
1616# Set up certificates, our base tools, and Consul.
17- RUN apk add --no-cache ca-certificates curl gnupg openssl && \
17+ RUN apk add --no-cache ca-certificates curl gnupg libcap openssl && \
1818 gpg --recv-keys 91A6E7F85D05C65630BEF18951852D87348FFC4C && \
1919 mkdir -p /tmp/build && \
2020 cd /tmp/build && \
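Review bot: The comment at line 16 still reads "Set up certificates, our base tools, and Consul." and gives no reason for the new `libcap` package, which appears to be installed only so the startup script in the second file section can call `setcap`. A short addition such as `# libcap provides setcap, used at startup when CONSUL_ALLOW_PRIVILEGED_PORTS is set.` would keep a later image cleanup from dropping the package and breaking that option. The RUN instruction continues past the end of the hunk.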
@@ -78,10 +78,17 @@ if [ "$1" = 'consul' ]; then
7878 # If the data or config dirs are bind mounted then chown them.
7979 # Note: This checks for root ownership as that's the most common case.
8080 if [ " $( stat -c %u /consul/data) " = ' 0' ]; then
81- chown consul:consul /consul/data
81+ chown consul:consul /consul/data
8282 fi
8383 if [ " $( stat -c %u /consul/config) " = ' 0' ]; then
84- chown consul:consul /consul/config
84+ chown consul:consul /consul/config
85+ fi
86+
87+ # If requested, set the capability to bind to privileged ports before
88+ # we drop to the non-root user. Note that this doesn't work with all
89+ # storage drivers (it won't work with AUFS).
90+ if [ ! -z ${CONSUL_ALLOW_PRIVILEGED_PORTS+x} ]; then
91+ setcap " cap_net_bind_service=+ep" /bin/consul
8592 fi
8693
8794 set -- gosu consul " $@ "
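Review bot: The guard at new line 90 tests only whether CONSUL_ALLOW_PRIVILEGED_PORTS is set, so `CONSUL_ALLOW_PRIVILEGED_PORTS=false` or an empty value still grants cap_net_bind_service to /bin/consul. The comment above it should state that any value enables the capability, or the test should require an explicit non-empty value. The expansion is also unquoted inside `[ ]` and works only because `[ ! -z ]` happens to evaluate false when the variable is unset; `if [ -n "${CONSUL_ALLOW_PRIVILEGED_PORTS+x}" ]; then` keeps the same behaviour with a proper string operand. The comment says setcap does not work on every storage driver and no error handling is visible in the hunk, so a failure would presumably surface only later as a bind error from Consul; `setcap ... /bin/consul || echo "could not set cap_net_bind_service on /bin/consul" >&2` would make it diagnosable. The enclosing `if [ "$1" = 'consul' ]` block starts and ends outside the hunk.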