In attempting to run a private service using the Graylog Official Docker Images, I have discovered that the setcap command executed as part of their build causes a failure in a running Render container. Specifically, their build runs setcap 'cap_net_bind_service=+ep' "${JAVA_HOME}/bin/java" to enable Java to listen on ports below 1024 as a non-root user, but when attempting to execute java in a running container, an Operation not permitted error occurs.
I’ve built a simple test to be able to replicate this, including a Dockerfile and render.yaml that can be used, available in GitHub here: GitHub - morinap/render-setcap-test.
Please let me know if there is any way to start a docker container that allows these capabilities; ideally I’d like to use the official Graylog images rather than having to build my own without the setcap call.
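
A diagnostic for the failure described in the post, added here as an example (not code from the post, Graylog, or Render). It assumes the cause is the Linux rule documented in capabilities(7): exec of a file whose capability has the effective flag set fails with EPERM when the process cannot obtain it, for instance because the container's bounding set lacks it. The function names are hypothetical.

```shell
#!/bin/sh
# Run inside the container to see whether a binary marked with
# cap_net_bind_service=+ep can be executed at all.

CAP_NET_BIND_SERVICE=10   # bit number from <linux/capability.h>

# has_cap HEXMASK BIT: succeeds if BIT is set in a CapBnd-style hex mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# status_field NAME [FILE]: print one field of /proc/<pid>/status.
status_field() {
    awk -v k="$1:" '$1 == k { print $2 }' "${2:-/proc/self/status}"
}

# verdict HEXMASK: predict the exec result for a file carrying
# cap_net_bind_service=+ep, given the process bounding set.
verdict() {
    if has_cap "$1" "$CAP_NET_BIND_SERVICE"; then
        echo "exec-ok"      # capability is available to be granted
    else
        echo "exec-eperm"   # kernel refuses: "Operation not permitted"
    fi
}

# Report for the current process (skipped where /proc is unavailable).
if [ -r /proc/self/status ]; then
    bnd=$(status_field CapBnd)
    if [ -n "$bnd" ]; then
        echo "CapBnd=$bnd NoNewPrivs=$(status_field NoNewPrivs)"
        echo "cap_net_bind_service=+ep binary: $(verdict "$bnd")"
    fi
fi
```

If the verdict is exec-eperm, the binary needs its file capability removed in a derived image (setcap -r on the same path) or the platform has to keep the capability in the bounding set.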