Details
-
Bug
-
Resolution: Fixed
-
Medium
Description
Hey, when I execute setcap "cap_net_bind_service=+ep" /usr/sbin/apache2 in my Dockerfile, the build pipeline fails with:
Failed to set capabilities on file `/usr/sbin/apache2' (Operation not permitted) The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
The relevant part of the pipeline is:
- step:
name: build
image: atlassian/default-image:2
script:
- docker info
- docker build -t app .
Usually this error message is related to aufs storage but here docker info gives:
Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 18.06.1-ce Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host macvlan null overlay Authorization: pipelines Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e runc version: 69663f0bd4b60df09991c08812a60108003fa340 init version: fec3683 Security Options: seccomp Profile: default userns Kernel Version: 4.14.63-coreos Operating System: Alpine Linux v3.8 (containerized) OSType: linux Architecture: x86_64 CPUs: 8 Total Memory: 30.63GiB Name: 23225fca-2c54-4f24-aea7-42cae729bfe1 ID: SNFV:7NJV:XC3G:DLBL:QRJ4:KGWE:RREH:V66E:VUEO:UM4X:W3Y7:NVQ5 Docker Root Dir: /var/lib/docker/165536.165536 Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Registry Mirrors: http://10.155.101.117:5000/ Live Restore Enabled: false WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled
Any ideas?