From 8fa6a3c24919b7e5a10efbffe557dc6e464c7192 Mon Sep 17 00:00:00 2001
From: Ric Klaren
Date: Mon, 30 Dec 2024 12:48:18 -0600
Subject: [PATCH] fix: add cap_net_bind_service=+ep to /usr/bin/node (#25385)

In order for the container to bind to low ports the node binary needs to have cap_net_bind_service. This is needed besides adding the capability when starting the container.
---
 docker/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 9d805a5c10..c853117428 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -12,7 +12,7 @@ FROM linux-${TARGETARCH}-alpine AS base
 ENV NODE_ENV=production
 WORKDIR /app
-RUN apk add --no-cache tzdata eudev tini nodejs
+RUN apk add --no-cache tzdata eudev tini nodejs libcap
 # Dependencies and build
 FROM base AS deps
@@ -47,6 +47,7 @@ COPY package.json LICENSE index.js data/configuration.example.yaml ./
 COPY docker/docker-entrypoint.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+RUN setcap 'cap_net_bind_service=+ep' /usr/bin/node
 RUN mkdir /app/data
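Review bot: `libcap` is added to the `base` stage, so the setcap/getcap tooling ships in every stage built from it (`deps` is visible here, and presumably the final image too) although only one build step needs it. The separate `RUN setcap` in the second hunk also changes `/usr/bin/node` in a later layer, which likely stores the binary a second time. Consider applying the capability where node is installed and dropping the tool in the same layer, something like `RUN apk add --no-cache tzdata eudev tini nodejs && apk add --no-cache --virtual .setcap libcap && setcap 'cap_net_bind_service=+ep' /usr/bin/node && apk del .setcap`. File capabilities are stored as an extended attribute on the binary, so the tool should not be needed at run time.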
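Review bot: Setting `=+ep` on `/usr/bin/node` makes every exec of node depend on NET_BIND_SERVICE being in the container's capability bounding set. Per capabilities(7), when the file's effective bit is set and a permitted file capability cannot be acquired, `execve` fails with EPERM, so a deployment that drops all capabilities would fail to start node at all rather than merely fail to bind a low port. The commit message says the capability must also be added when starting the container, but the Dockerfile does not; I would add a comment above the line such as `# file cap lets a non-root node bind ports <1024; the container must keep NET_BIND_SERVICE (node will not exec under cap-drop ALL without it)`. The capability also applies to any script run through this node binary, not only the main service. The stage continues outside the hunk, so the user the image ends on is not visible here.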