jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add ping capability (for statping)

Browse Source
This commit is contained in:
Girish Ramakrishnan
2020-06-30 07:31:24 -07:00
parent bc6e652293
commit 0f103ccce1
4 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHANGES
+1
View File
@@ -2012,4 +2012,5 @@
[5.4.0]
* Update nginx to 1.18 for various security fixes
* Add ping capability (for statping app)
package-lock.json
Generated
+3 -3
View File
@@ -741,9 +741,9 @@
}
},
"cloudron-manifestformat": {
"version": "5.4.0",
"resolved": "https://registry.npmjs.org/cloudron-manifestformat/-/cloudron-manifestformat-5.4.0.tgz",
"integrity": "sha512-MpgAMpBm3k14bH3lLaCUzcBtgC458Qx75blORHqTxJ83aGJp4P7+YYM/ABVGHVD0842OcR3JvQlCUT7+4cs6Cg==",
"version": "5.5.0",
"resolved": "https://registry.npmjs.org/cloudron-manifestformat/-/cloudron-manifestformat-5.5.0.tgz",
"integrity": "sha512-Xf1vOwCFT5h1MZQ9fC8EyfL2jfpVlShg5r7est/ZA+vSzcbvk2nQxPmpk4q4e6iDfr19B7iUw2b2X7mw5c1Dlg==",
"requires": {
"cron": "^1.8.2",
"java-packagename-regex": "^1.0.0",
package.json
+1 -1
View File
@@ -20,7 +20,7 @@
"async": "^2.6.3",
"aws-sdk": "^2.685.0",
"body-parser": "^1.19.0",
"cloudron-manifestformat": "^5.4.0",
"cloudron-manifestformat": "^5.5.0",
"connect": "^3.7.0",
"connect-lastmile": "^2.0.0",
"connect-timeout": "^1.9.0",
src/docker.js
+4 -1
View File
@@ -307,7 +307,7 @@ function createSubcontainer(app, name, cmd, options, callback) {
DnsSearch: ['.'], // use internal dns
SecurityOpt: [ 'apparmor=docker-cloudron-app' ],
CapAdd: [],
CapDrop: [ 'NET_RAW' ] // https://docs-stage.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
CapDrop: []
},
NetworkingConfig: {
EndpointsConfig: {
@@ -319,8 +319,11 @@ function createSubcontainer(app, name, cmd, options, callback) {
};
var capabilities = manifest.capabilities || [];
// https://docs-stage.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
if (capabilities.includes('net_admin')) containerOptions.HostConfig.CapAdd.push('NET_ADMIN', 'NET_RAW');
if (capabilities.includes('mlock')) containerOptions.HostConfig.CapAdd.push('IPC_LOCK'); // mlock prevents swapping
if (!capabilities.includes('ping')) containerOptions.HostConfig.CapDrop.push('NET_RAW'); // NET_RAW is included by default by Docker
containerOptions = _.extend(containerOptions, options);