Unable To Run Binary with setcap Net Capabilities

In attempting to run a private service using the Graylog Official Docker Images, I have discovered that the setcap command executed as part of their build causes a failure in a running Render container. Specifically, their build runs setcap 'cap_net_bind_service=+ep' "${JAVA_HOME}/bin/java" to enable Java to listen on ports below 1024 as a non-root user, but when attempting to execute java in a running container, an Operation not permitted error occurs.

I’ve built a simple test to be able to replicate this, including a Dockerfile and render.yaml that can be used, available on GitHub here: morinap/render-setcap-test.

Please let me know if there is any way to start a docker container that allows these capabilities; ideally I’d like to use the official Graylog images rather than having to build my own without the setcap call.
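A diagnostic for the failure described above, as an added example that is not part of the original post and is not Graylog or Render code. Per capabilities(7), execve of a binary whose file capabilities have the effective bit set (`+ep`) fails with EPERM when the process's capability bounding set does not contain every capability in the file's permitted set. The function names and the outcome labels (`eperm`, `no-gain`, `ok`, `unknown`) are hypothetical.

```shell
#!/bin/sh
# Added diagnostic example; not code from the original post or from Graylog/Render.
CAP_NET_BIND_SERVICE=10   # capability bit number in linux/capability.h

# cap_in_mask HEXMASK BIT: succeed if BIT is set in the hex capability mask.
cap_in_mask() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# status_field NAME [FILE]: print one field from a /proc/<pid>/status file.
status_field() {
    awk -v key="$1:" '$1 == key { print $2 }' "${2:-/proc/self/status}"
}

# exec_outcome [FILE]: predict what happens when this process execs a binary
# carrying cap_net_bind_service=+ep.
#   eperm   - capability missing from the bounding set, execve returns EPERM
#   no-gain - no_new_privs is set, exec works but the capability is not granted
#   ok      - exec works and the capability is granted
#   unknown - the status file could not be read
exec_outcome() {
    bnd=$(status_field CapBnd "$1")
    nnp=$(status_field NoNewPrivs "$1")
    if [ -z "$bnd" ]; then
        echo unknown
    elif ! cap_in_mask "$bnd" "$CAP_NET_BIND_SERVICE"; then
        echo eperm
    elif [ "$nnp" = 1 ]; then
        echo no-gain
    else
        echo ok
    fi
}

# Report for the current process when run inside the container.
if [ -r /proc/self/status ]; then
    echo "exec of a cap_net_bind_service=+ep binary here: $(exec_outcome)"
fi
```

Run it inside the affected container; `eperm` means the runtime dropped the capability from the bounding set, which only the platform's container configuration can change.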
