Rsync when not run as root user, it needs group id and user id setter capability.
cap_setgid
cap_setuid
Change-Id: I396e0f4868492f8bb55f77229658e4dc6e05fcdc
Signed-off-by: Balazs Szekeres <balazs.szekeres@nokia.com>
%define COMPONENT swift
%define RPM_NAME caas-%{COMPONENT}
%define RPM_MAJOR_VERSION 2.22.0
-%define RPM_MINOR_VERSION 0
+%define RPM_MINOR_VERSION 1
%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
Name: %{RPM_NAME}
Version: %{RPM_MAJOR_VERSION}
image: {{ container_image_names | select('search', '/swift') | list | last }}
securityContext:
capabilities:
- add: ["NET_BIND_SERVICE"]
+ add: ["NET_BIND_SERVICE", "SETGID", "SETUID"]
args:
- BACKEND
resources:
image: {{ container_image_names | select('search', '/swift') | list | last }}
securityContext:
capabilities:
- add: ["NET_BIND_SERVICE"]
+ add: ["NET_BIND_SERVICE", "SETGID", "SETUID"]
args:
- BACKEND
resources:
&& yum clean all \
&& rm -rf /etc/yum.repos.d/luxembourg.repo \
&& rm -rf ${GOPATH} \
-&& setcap 'cap_net_bind_service=+ep' /usr/bin/rsync
+&& setcap 'cap_setgid,cap_setuid,cap_net_bind_service=+ep' /usr/bin/rsync
ENTRYPOINT ["/usr/bin/mainstart.sh"]
Code Review / ta / caas-registry.git / commitdiff