encbladexp
commented
1 year ago A Dockerfile could not add capabilities, this is by design, and nothing vault could change. Dockerfile influences the Image, but capabilities are a runtime/container thing. You want something that is technical not possible.
In Dockerfile, I added line RUN setcap cap_ipc_lock=+ep $(readlink -f $(which vault))
but still get couldn't start vault with IPC_LOCK. Disabling IPC_LOCK, please use --cap-add IPC_LOCK
I know "docker run --cap-add=IPC_LOCK -d --name=dev-vault vault", I want to be inside Dockerfile.