chown knockd to minecraft user

Dockerfile

@@ -9,14 +9,11 @@ ARG TARGETOS
 ARG TARGETARCH
 ARG TARGETVARIANT
 
-# CI system should set this to a hash or git revision of the build directory and it's contents to
-# ensure consistent cache updates.
-ARG BUILD_FILES_REV=1
 RUN --mount=target=/build,source=build \
-    REV=${BUILD_FILES_REV} TARGET=${TARGETARCH}${TARGETVARIANT} /build/run.sh install-packages
+    /build/run.sh setup-user
 
 RUN --mount=target=/build,source=build \
-    REV=${BUILD_FILES_REV} /build/run.sh setup-user
+    TARGET=${TARGETARCH}${TARGETVARIANT} /build/run.sh install-packages
 
 COPY --chmod=644 files/sudoers* /etc/sudoers.d
 

build/alpine/install-packages.sh

@@ -26,9 +26,12 @@ apk add --no-cache -U \
     zstd \
     nfs-utils \
     libpcap \
-    libwebp
+    libwebp \
+    libcap
 
 # Patched knockd
 curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-alpine-amd64.tar.gz
 tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
 ln -s /usr/local/sbin/knockd /usr/sbin/knockd
+setcap cap_net_raw=ep /usr/local/sbin/knockd
+chown minecraft /usr/local/sbin/knockd

build/ol/install-packages.sh

@@ -46,3 +46,5 @@ bash /build/ol/install-gosu.sh
 curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-$TARGET.tar.gz
 tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
 ln -s /usr/local/sbin/knockd /usr/sbin/knockd
+setcap cap_net_raw=ep /usr/local/sbin/knockd
+chown minecraft /usr/local/sbin/knockd

build/ubuntu/install-packages.sh

@@ -35,4 +35,6 @@ apt-get clean
 curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-$TARGET.tar.gz
 tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
 ln -s /usr/local/sbin/knockd /usr/sbin/knockd
+setcap cap_net_raw=ep /usr/local/sbin/knockd
+chown minecraft /usr/local/sbin/knockd
 find /usr/lib -name 'libpcap.so.0.8' -execdir cp '{}' libpcap.so.1 \;

docs/misc/autopause-autostop/autopause.md

@@ -38,6 +38,8 @@ The following environment variables define the behaviour of auto-pausing:
   describes period of the daemonized state machine, that handles the pausing of the process (resuming is done independently)
 - `AUTOPAUSE_KNOCK_INTERFACE`, default `eth0`
   <br>Describes the interface passed to the `knockd` daemon. If the default interface does not work, run the `ifconfig` command inside the container and derive the interface receiving the incoming connection from its output. The passed interface must exist inside the container. Using the loopback interface (`lo`) does likely not yield the desired results.
+- `AUTOPAUSE_SUDO`, default "true"
+  specifies if the knockd service should be run via sudo in order to elevate its privileges
 
 !!! tip
 

files/auto/autopause-daemon.sh

@@ -45,7 +45,11 @@ if isTrue "${DEBUG_AUTOPAUSE}"; then
   knockdArgs+=(-D)
 fi
 
-sudo /usr/local/sbin/knockd "${knockdArgs[@]}"
+if isTrue "${AUTOPAUSE_SUDO:-true}"; then
+  sudo /usr/local/sbin/knockd "${knockdArgs[@]}"
+else
+  /usr/local/sbin/knockd "${knockdArgs[@]}"
+fi
 if [ $? -ne 0 ] ; then
   logAutopause "Failed to start knockd daemon."
   logAutopause "Probable cause: Unable to attach to interface \"$AUTOPAUSE_KNOCK_INTERFACE\"."