Sets cap_net_raw capability on packet-headers binary
This allows the pod to run as a non-root user with no special
capabilities.
nkinkade committed Apr 7, 2023
1 parent fce28bd commit 2fce1bf
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion Dockerfile
Expand Up @@ -10,7 +10,8 @@ RUN chmod a+rx /go/bin/packet-headers

# Put it in its own image.
FROM alpine:3.16
RUN apk --no-cache add libpcap
RUN apk --no-cache add libpcap libcap
COPY --from=build /go/bin/packet-headers /packet-headers
RUN setcap cap_net_raw=ep /packet-headers
WORKDIR /
ENTRYPOINT ["/packet-headers"]
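
Review bot: The `RUN setcap cap_net_raw=ep /packet-headers` line carries no comment, and nothing in this stage sets a `USER`, so the non-root intent stated in the commit message is neither documented nor enforced by the image itself. Consider a comment above the `setcap` line noting that the file capability only takes effect when the runtime leaves NET_RAW in the container's bounding set and does not set no_new_privs, and a `USER` directive if the image should default to non-root. Separately, `libcap` is installed only so that `setcap` can run once, yet it stays in the final image; if nothing needs it at run time, placing `COPY` first and doing the install, the `setcap` call and an `apk del libcap` in a single `RUN` would keep it out of the shipped layers.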
