How do I get setcap to work in Docker container?
I have a sample Dockerfile I would like help in getting working:
    FROM alpine:3.3
    RUN apk add --update libcap && rm -rf /var/cache/apk/*
    RUN setcap 'cap_net_bind_service=+ep' /bin/false
I receive the following output when attempting to build this image:
    Failed to set capabilities on file `/bin/false' (Invalid argument)
    usage: setcap [-q] [-v] (-r|-|<caps>) <filename> [ ... (-r|-|<capsN>) <filenameN> ]
     Note <filename> must be a regular (non-symlink) file.
    The command '/bin/sh -c setcap 'cap_net_bind_service=+ep' /bin/false' returned a non-zero code: 1
I've tried the same thing using a Docker container based on an Ubuntu image.
From what I can gather this is due to a kernel feature not being enabled. I've spent a few hours but unfortunately I haven't been able to figure out how to make this work.
More information can be found here:
The same build functions correctly on a few other servers I use. I need this feature because I would like to run the Caddy web server in a Docker container without root privileges.