In attempting to run a private service using the Graylog Official Docker Images, I have discovered that the setcap command executed as part of their build causes a failure in a running Render container. Specifically, their build runs setcap 'cap_net_bind_service=+ep' "${JAVA_HOME}/bin/java" to enable Java to listen on ports below 1024 as a non-root user, but when attempting to execute java in a running container, an Operation not permitted error occurs.
I’ve built a simple test to be able to replicate this, including a Dockerfile and render.yaml that can be used, available in GitHub here: GitHub - morinap/render-setcap-test .
Please let me know if there is any way to start a docker container that allows these capabilities; Ideally I’d like to use the official Graylog images rather than having to build my own without the setcap call.