fix(repeater): add cap_net_raw+ep capabilities for node in Docker i…

…mage (#560) Running traceroute requires root access as it creates raw sockets. Since we use non-root user in Docker image, we need to allow the node to create raw sockets and listen of ICMP error packets. For that use the setcap command which comes in libcap package: ```sh $ setcap 'cap_net_raw+ep' $(which node) ``` Co-authored-by: Artem Derevnjuk <artem.derevnjuk@brightsec.com>
NeuraLegion · Jul 11, 2024 · 822f750 · 822f750
1 parent 5c5ee29
commit 822f750
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -44,6 +44,13 @@ RUN set -eux; \
     chmod -R g+rwX /home/node; \
     chown -R 1000 /home/node
 
+RUN set -eux; \
+    apk upgrade --no-cache; \
+    apk add --no-cache libcap; \
+    rm -rf /var/cache/apk/*
+
+RUN setcap 'cap_net_raw+ep' $(which node)
+
 # change workgin dir
 WORKDIR $HOME/