Skip to content

Commit

Permalink
Call setcap(8) one time only.
Browse files Browse the repository at this point in the history 
The setcap(8) utility supports multiple arguments, so it's possible
to manage more than one permission for more than one file at the
same time.
  • Loading branch information
@osokin @pleshakov
osokin authored and pleshakov committed Dec 4, 2020
1 parent 4841668 commit 095a751
Show file tree
Hide file tree
Showing 9 changed files with 9 additions and 9 deletions.
2 changes: 1 addition & 1 deletion build/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ RUN mkdir -p /var/lib/nginx \
&& apt-get update \
&& apt-get install -y libcap2-bin \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
&& chown -R nginx:0 /etc/nginx \
&& chown -R nginx:0 /var/cache/nginx \
&& chown -R nginx:0 /var/lib/nginx \
Expand Down
2 changes: 1 addition & 1 deletion build/DockerfileForAlpine
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ RUN mkdir -p /etc/nginx/secrets \
&& mkdir -p /var/lib/nginx \
&& apk add --no-cache libcap \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
&& chown -R nginx:0 /etc/nginx \
&& chown -R nginx:0 /var/cache/nginx \
&& chown -R nginx:0 /var/lib/nginx \
Expand Down
2 changes: 1 addition & 1 deletion build/DockerfileForPlus
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
&& printf "deb https://plus-pkgs.nginx.com/debian buster nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list \
&& apt-get update && apt-get install -y nginx-plus=${NGINX_PLUS_VERSION} \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
&& apt-get remove --purge --auto-remove -y gnupg1 \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /etc/ssl/nginx \
Expand Down
2 changes: 1 addition & 1 deletion build/DockerfileWithOpentracing
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ RUN mkdir -p /var/lib/nginx \
&& apt-get update \
&& apt-get install -y libcap2-bin \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
&& chown -R nginx:0 /etc/nginx \
&& chown -R nginx:0 /var/cache/nginx \
&& chown -R nginx:0 /var/lib/nginx \
Expand Down
2 changes: 1 addition & 1 deletion build/DockerfileWithOpentracingForPlus
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
# Install OpenTracing module
nginx-plus-module-opentracing=${NGINX_OPENTRACING_MODULE_VERSION} \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
&& apt-get remove --purge --auto-remove -y gnupg1 \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /etc/ssl/nginx \
Expand Down
2 changes: 1 addition & 1 deletion build/appprotect/DockerfileWithAppProtectForPlus
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
&& apt-get install -y app-protect-attack-signatures${APPPROTECT_SIG_VERSION:+=$APPPROTECT_SIG_VERSION} \
&& apt-get install -y app-protect-threat-campaigns${APPPROTECT_THREAT_CAMPAIGNS_VERSION:+=$APPPROTECT_THREAT_CAMPAIGNS_VERSION} \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
&& apt-get remove --purge --auto-remove -y gnupg1 wget\
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /etc/ssl/nginx \
Expand Down
2 changes: 1 addition & 1 deletion build/appprotect/DockerfileWithAppProtectForPlusForOpenShift
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
&& yum install -y app-protect-attack-signatures${APPPROTECT_SIG_VERSION:+-$APPPROTECT_SIG_VERSION} \
&& yum install -y app-protect-threat-campaigns${APPPROTECT_THREAT_CAMPAIGNS_VERSION:+-$APPPROTECT_THREAT_CAMPAIGNS_VERSION} \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
&& yum remove -y wget \
&& rm -rf /etc/ssl/nginx \
&& rm /etc/yum.repos.d/nginx-plus-7.repo \
Expand Down
2 changes: 1 addition & 1 deletion build/openshift/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ RUN set -x \
&& mkdir -p /etc/nginx/secrets \
&& mkdir -p /etc/nginx/stream-conf.d \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
&& chown -R nginx:0 /etc/nginx \
&& chown -R nginx:0 /var/cache/nginx \
&& chown -R nginx:0 /var/lib/nginx \
Expand Down
2 changes: 1 addition & 1 deletion build/openshift/DockerfileForPlus
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
&& echo "enabled=1" >> /etc/yum.repos.d/nginx-plus-8.repo \
&& yum install -y nginx-plus-${NGINX_PLUS_VERSION} \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
&& yum remove -y wget \
&& rm -rf /etc/ssl/nginx \
&& rm /etc/yum.repos.d/nginx-plus-8.repo \
Expand Down

0 comments on commit 095a751

Please sign in to comment.