Skip to content

Commit 587d843

Browse files
osokinosokin
committed
Call setcap(8) one time only.
The setcap(8) utility supports multiple arguments, so it's possible to manage more than one permission for more than one file at the same time.
1 parent 4841668 commit 587d843

File tree

9 files changed

+9
-9
lines changed

9 files changed

+9
-9
lines changed

build/Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ RUN mkdir -p /var/lib/nginx \
1414
&& apt-get update \
1515
&& apt-get install -y libcap2-bin \
1616
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
17-
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
17+
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
1818
&& chown -R nginx:0 /etc/nginx \
1919
&& chown -R nginx:0 /var/cache/nginx \
2020
&& chown -R nginx:0 /var/lib/nginx \

build/DockerfileForAlpine

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ RUN mkdir -p /etc/nginx/secrets \
1313
&& mkdir -p /var/lib/nginx \
1414
&& apk add --no-cache libcap \
1515
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
16-
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
16+
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
1717
&& chown -R nginx:0 /etc/nginx \
1818
&& chown -R nginx:0 /var/cache/nginx \
1919
&& chown -R nginx:0 /var/lib/nginx \

build/DockerfileForPlus

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
3838
&& printf "deb https://plus-pkgs.nginx.com/debian buster nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list \
3939
&& apt-get update && apt-get install -y nginx-plus=${NGINX_PLUS_VERSION} \
4040
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
41-
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
41+
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
4242
&& apt-get remove --purge --auto-remove -y gnupg1 \
4343
&& rm -rf /var/lib/apt/lists/* \
4444
&& rm -rf /etc/ssl/nginx \

build/DockerfileWithOpentracing

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -80,7 +80,7 @@ RUN mkdir -p /var/lib/nginx \
8080
&& apt-get update \
8181
&& apt-get install -y libcap2-bin \
8282
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
83-
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
83+
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
8484
&& chown -R nginx:0 /etc/nginx \
8585
&& chown -R nginx:0 /var/cache/nginx \
8686
&& chown -R nginx:0 /var/lib/nginx \

build/DockerfileWithOpentracingForPlus

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
5151
# Install OpenTracing module
5252
nginx-plus-module-opentracing=${NGINX_OPENTRACING_MODULE_VERSION} \
5353
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
54-
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
54+
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
5555
&& apt-get remove --purge --auto-remove -y gnupg1 \
5656
&& rm -rf /var/lib/apt/lists/* \
5757
&& rm -rf /etc/ssl/nginx \

build/appprotect/DockerfileWithAppProtectForPlus

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
5858
&& apt-get install -y app-protect-attack-signatures${APPPROTECT_SIG_VERSION:+=$APPPROTECT_SIG_VERSION} \
5959
&& apt-get install -y app-protect-threat-campaigns${APPPROTECT_THREAT_CAMPAIGNS_VERSION:+=$APPPROTECT_THREAT_CAMPAIGNS_VERSION} \
6060
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
61-
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
61+
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
6262
&& apt-get remove --purge --auto-remove -y gnupg1 wget\
6363
&& rm -rf /var/lib/apt/lists/* \
6464
&& rm -rf /etc/ssl/nginx \

build/appprotect/DockerfileWithAppProtectForPlusForOpenShift

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
6161
&& yum install -y app-protect-attack-signatures${APPPROTECT_SIG_VERSION:+-$APPPROTECT_SIG_VERSION} \
6262
&& yum install -y app-protect-threat-campaigns${APPPROTECT_THREAT_CAMPAIGNS_VERSION:+-$APPPROTECT_THREAT_CAMPAIGNS_VERSION} \
6363
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
64-
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
64+
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
6565
&& yum remove -y wget \
6666
&& rm -rf /etc/ssl/nginx \
6767
&& rm /etc/yum.repos.d/nginx-plus-7.repo \

build/openshift/Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ RUN set -x \
2525
&& mkdir -p /etc/nginx/secrets \
2626
&& mkdir -p /etc/nginx/stream-conf.d \
2727
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
28-
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
28+
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
2929
&& chown -R nginx:0 /etc/nginx \
3030
&& chown -R nginx:0 /var/cache/nginx \
3131
&& chown -R nginx:0 /var/lib/nginx \

build/openshift/DockerfileForPlus

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ RUN --mount=type=secret,id=nginx-repo.crt \
4545
&& echo "enabled=1" >> /etc/yum.repos.d/nginx-plus-8.repo \
4646
&& yum install -y nginx-plus-${NGINX_PLUS_VERSION} \
4747
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
48-
&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
48+
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
4949
&& yum remove -y wget \
5050
&& rm -rf /etc/ssl/nginx \
5151
&& rm /etc/yum.repos.d/nginx-plus-8.repo \

0 commit comments

Comments
 (0)