From 63b2e4484d104b290544a7dd2752ef882a2abe43 Mon Sep 17 00:00:00 2001
From: Geoff Bourne
Date: Fri, 2 Feb 2024 22:23:07 -0600
Subject: [PATCH] Apply cap_net_raw to knockd to allow rootless auto-pause (#2625)
---
 build/alpine/install-packages.sh | 4 +++-
 build/ol/install-packages.sh | 1 +
 build/ubuntu/install-packages.sh | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/build/alpine/install-packages.sh b/build/alpine/install-packages.sh
index 393f3177..58b93530 100755
--- a/build/alpine/install-packages.sh
+++ b/build/alpine/install-packages.sh
@@ -26,9 +26,11 @@ apk add --no-cache -U \
 zstd \
 nfs-utils \
 libpcap \
- libwebp
+ libwebp \
+ libcap-utils
 # Patched knockd
 curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-alpine-amd64.tar.gz
 tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
 ln -s /usr/local/sbin/knockd /usr/sbin/knockd
+setcap cap_net_raw=ep /usr/local/sbin/knockd
diff --git a/build/ol/install-packages.sh b/build/ol/install-packages.sh
index f3126447..82f87abe 100755
--- a/build/ol/install-packages.sh
+++ b/build/ol/install-packages.sh
@@ -46,3 +46,4 @@ bash /build/ol/install-gosu.sh
 curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-$TARGET.tar.gz
 tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
 ln -s /usr/local/sbin/knockd /usr/sbin/knockd
+setcap cap_net_raw=ep /usr/local/sbin/knockd
diff --git a/build/ubuntu/install-packages.sh b/build/ubuntu/install-packages.sh
index 91c97ab0..5c4657d9 100755
--- a/build/ubuntu/install-packages.sh
+++ b/build/ubuntu/install-packages.sh
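Review bot: The added `setcap cap_net_raw=ep /usr/local/sbin/knockd` grants a file capability to a binary that the context lines fetch from a GitHub release URL with no integrity check, so whatever that asset contains at build time can open raw sockets for every user able to execute it. Verify the archive before extracting it and fail the build on mismatch, e.g. `echo "<expected-sha256>  /tmp/knock.tar.gz" | sha256sum -c -` (placeholder digest, one per architecture). The same applies to the hunks in build/ol/install-packages.sh and build/ubuntu/install-packages.sh. Since the `e` and `p` flags apply to any caller, restricting execute permission on knockd to the runtime user's group would narrow the grant further.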
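Review bot: Nothing in this hunk shows `setcap` being installed or its result being checked; the Alpine script adds `libcap-utils` in the same commit, but no package is added here. If the package list earlier in this script (outside the hunk) does not already provide libcap's tools, or the script does not run under `set -e`, the call can fail quietly and the image ships without the capability. A build-time assertion right after it would surface that: `getcap /usr/local/sbin/knockd | grep -q cap_net_raw || exit 1`. The Ubuntu hunk has the same gap.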
@@ -35,4 +35,5 @@ apt-get clean
 curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-$TARGET.tar.gz
 tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
 ln -s /usr/local/sbin/knockd /usr/sbin/knockd
+setcap cap_net_raw=ep /usr/local/sbin/knockd
 find /usr/lib -name 'libpcap.so.0.8' -execdir cp '{}' libpcap.so.1 \;
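Review bot: The new `setcap` line has no comment recording the runtime conditions it depends on, and they are not obvious from the script. Suggested comment above it: `# File capability lets knockd capture packets as non-root; needs NET_RAW left in the container's bounding set and is not honoured under no-new-privileges.` It is also worth stating that the target is deliberately the real path rather than the /usr/sbin symlink created on the previous line, and that the capability is stored as an extended attribute that must survive image layering. The same comment fits the Alpine and Oracle Linux scripts.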