Fix data directory permissions and add missing capability to binary

2021-04-22 22:24:46 +02:00 · 2021-04-22 22:24:46 +02:00 · 22c54fb273
commit 22c54fb273
parent 6442f9f915
3 changed files with 8 additions and 4 deletions
--- a/build/docker/inetmock.dockerfile
+++ b/build/docker/inetmock.dockerfile
@ -23,19 +23,19 @@ COPY --chown=$USER:$GROUP assets/fakeFiles /var/lib/inetmock/fakeFiles/
 COPY --chown=$USER:$GROUP assets/demoCA /var/lib/inetmock/ca
 COPY config-container.yaml /etc/inetmock/config.yaml
-RUN mkdir -p /var/run/inetmock /var/lib/inetmock/certs /usr/lib/inetmock && \
+RUN mkdir -p /var/run/inetmock /var/lib/inetmock/ca /var/lib/inetmock/certs /var/lib/inetmock/data /usr/lib/inetmock && \
    chown -R $USER:$GROUP /var/run/inetmock /var/lib/inetmock /usr/lib/inetmock && \
    apk add -U --no-cache libcap
 RUN ln -s /usr/lib/inetmock/bin/inetmock /usr/bin/inetmock && \
    ln -s /usr/lib/inetmock/bin/imctl /usr/bin/imctl && \
-    setcap 'cap_net_bind_service=+ep' /usr/lib/inetmock/bin/inetmock
+    setcap 'cap_net_raw,cap_net_bind_service=eip' /usr/lib/inetmock/bin/inetmock
 HEALTHCHECK --interval=5s --timeout=1s \
    CMD imctl --socket-path /var/run/inetmock/inetmock.sock health container
 USER $USER
-VOLUME [ "/var/lib/inetmock/ca", "/var/lib/inetmock/certs" ]
+VOLUME [ "/var/lib/inetmock/data" ]
 ENTRYPOINT ["inetmock"]
--- a/cmd/inetmock/main.go
+++ b/cmd/inetmock/main.go
@ -54,7 +54,7 @@ func ensureDataDir(dataDirPath string) (cleanedPath string, err error) {
 		}
 	}
-	err = os.MkdirAll(cleanedPath, 0640)
+	err = os.MkdirAll(cleanedPath, 0750)
 	return
 }
--- a/config-container.yaml
+++ b/config-container.yaml
@ -54,6 +54,10 @@ x-http-handlers: &httpHandlers
      options:
        <<: *httpResponseRules
 data:
  pcap: /var/lib/inetmock/data/pcap
  audit: /var/lib/inetmock/data/audit
 api:
  listen: unix:///var/run/inetmock/inetmock.sock