Open TheQue42 opened 8 months ago
It seems the binary will need RUN setcap cap_net_raw,cap_net_admin=eip heplify
in the dockerfile, for the capabilities to be used when starting. Is this something that could be added to the default image build?
@TheQue42 absolutely, feel free to open a PR with the proposed changes and we'll go from there
I'd love to, but since the "RUN setcap" command cant be run in the "FROM scratch" image you use now, we'd have to change the empty base image into a "real" image that contains setcap.
And I am not sure I am the one to decide which you want?
heplify will run fine in any image, the scratch choice was purely related to size and proving the static build. Feel free to switch to alpine or any other viable image and we'll go from there.
Seems like this works.
https://github.com/TheQue42/heplify/blob/master/docker/heplify/Dockerfile
I'll continue tomorrow :-)
It looks promising! let us know if you notice any other issues before we make this the new standard
Super! My docker-compose with:
heplify:
image: sipcapture/heplify:latest
user: 1000:1000
cap_add:
- CAP_NET_ADMIN
- CAP_NET_RAW
profiles:
- homer
command:
./heplify -e -hs ${HOMER_DST}:9060 -m SIP -dd -zf -l info
network_mode: host
restart: unless-stopped
depends_on:
- xyz
Will now work fine!
Hi,
My attempts at running heplify in a non-root docker container, adding capabilities with:
in docker-compose.
But I just get:
Critical: setting af_packet handle: operation not permitted
Any pointers?