-
Notifications
You must be signed in to change notification settings - Fork 73
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Gossa requires dac_override for some reason #34
Comments
interesting - just throwing this (untested) can you try using plain ubuntu docker image (instead of alpine) and with a gossa build with the cgo_enabled directive removed ? I'll merge your other PRs next week - probably along with the few other changes I did in #30 :) |
Testing: master...jeslinmx:hotfix ...nope, it doesn't work. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Following the recommendations on https://www.redhat.com/en/blog/secure-your-containers-one-weird-trick, I was seeing if I could secure my docker set-up a little by dropping all capabilities. This works fine on many containers without any changes, except those that bind to a port number below 1024 by default (since that requires net_bind_service).
For some reason, gossa is unable to make any changes to the volume mounted on /shared without dac_override (uploads and deletions just fail silently). From
man 7 capabilities
:Now, I don't know much about capabilities or how Go writes files, but 2 things have got me confused:
(I recognize this is probably not an issue with gossa but with my lack of understanding, so if anyone could indulge me with an explanation I would be extremely thankful)
The text was updated successfully, but these errors were encountered: