[PR #3170] [MERGED] Allow listening on privileged ports (below 1024) as non-root #3061

Open
opened 2025-10-09 18:16:29 +03:00 by OVERLORD · 0 comments

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/3170
Author: @jjlin
Created: 1/25/2023
Status: Merged
Merged: 2/12/2023
Merged by: @dani-garcia

Base: main ← Head: cap_net_bind_service


📝 Commits (4)

  • 2c6bd8c (https://github.com/dani-garcia/vaultwarden/commit/2c6bd8c9dc67d3e0208e1873d8bf3fef6d8f9aa3) Rename .buildx Dockerfiles to .buildkit
  • 686474f (https://github.com/dani-garcia/vaultwarden/commit/686474f81505b0b7aae323669809dd86f6186427) Disable Hadolint check for consecutive RUN instructions (DL3059)
  • a2162f4 (https://github.com/dani-garcia/vaultwarden/commit/a2162f4d69eda9f836497ef137cbc3c2d00cd86b) Allow listening on privileged ports (below 1024) as non-root
  • a6dd4f1 (https://github.com/dani-garcia/vaultwarden/commit/a6dd4f1206ae382528871eccf2f5bdef808f238e) Merge branch 'main' into cap_net_bind_service

📊 Changes

21 files changed (+175 additions, -216 deletions)


📝 .github/workflows/release.yml (+4 -1)
📝 .hadolint.yaml (+2 -0)
📝 docker/Dockerfile.j2 (+28 -26)
📝 docker/Makefile (+2 -2)
📝 docker/amd64/Dockerfile (+5 -9)
📝 docker/amd64/Dockerfile.alpine (+4 -7)
📝 docker/amd64/Dockerfile.buildkit (+10 -9)
📝 docker/amd64/Dockerfile.buildkit.alpine (+9 -7)
📝 docker/arm64/Dockerfile (+9 -16)
📝 docker/arm64/Dockerfile.alpine (+4 -9)
📝 docker/arm64/Dockerfile.buildkit (+14 -16)
📝 docker/arm64/Dockerfile.buildkit.alpine (+9 -9)
📝 docker/armv6/Dockerfile (+9 -17)
📝 docker/armv6/Dockerfile.alpine (+4 -9)
📝 docker/armv6/Dockerfile.buildkit (+14 -17)
📝 docker/armv6/Dockerfile.buildkit.alpine (+9 -9)
📝 docker/armv7/Dockerfile (+9 -16)
📝 docker/armv7/Dockerfile.alpine (+4 -9)
📝 docker/armv7/Dockerfile.buildkit (+14 -16)
📝 docker/armv7/Dockerfile.buildkit.alpine (+9 -9)

...and 1 more file

📄 Description

This is done by running setcap cap_net_bind_service=+ep on the executable in the build stage (doing it in the runtime stage creates an extra copy of the executable that bloats the image). This only works when using the BuildKit-based builder, since the COPY instruction doesn't copy capabilities on the legacy builder.
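As an added illustration of the pattern the description outlines (not vaultwarden's own Dockerfile), a minimal two-stage Dockerfile that grants the capability in the build stage and relies on BuildKit's COPY to carry it into the runtime stage; the Rust project layout, the binary name `myserver`, the user name, the base images and the `libcap2-bin` package name are assumptions:

```dockerfile
# syntax=docker/dockerfile:1
# Build stage: compile the binary, then attach the file capability here.
# Running setcap in the runtime stage instead would rewrite the file into
# a new layer, leaving two copies of the binary in the image.
FROM rust:1-bookworm AS build
WORKDIR /src
COPY . .
RUN cargo build --release
# libcap2-bin supplies setcap/getcap on Debian (assumed package name).
# +ep = permitted and effective, so a program that never calls capset()
# still gets the capability when it binds below 1024. The value is stored
# in the security.capability extended attribute of the file.
RUN apt-get update && apt-get install -y --no-install-recommends libcap2-bin \
 && setcap cap_net_bind_service=+ep /src/target/release/myserver \
 && getcap /src/target/release/myserver

# Runtime stage: unprivileged user, single copy of the binary.
FROM debian:bookworm-slim
RUN useradd --system --uid 65532 --shell /usr/sbin/nologin app
# BuildKit preserves the security.capability xattr across COPY --from;
# the legacy builder drops it, and the bind on port 80 as a non-root
# user then fails with a permission error.
COPY --from=build /src/target/release/myserver /usr/local/bin/myserver
USER app
EXPOSE 80
ENTRYPOINT ["/usr/local/bin/myserver"]
```

Build with `DOCKER_BUILDKIT=1 docker build -t myserver .` (or `docker buildx build`); the bind on port 80 as `app` only succeeds if the capability survived the COPY, which `getcap` on the copied binary, run from a shell inside a container started from the image with libcap2-bin available, confirms.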


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

OVERLORD added the pull-request label 2025-10-09 18:16:29 +03:00
Reference: starred/vaultwarden#3061