[ https://issues.apache.org/jira/browse/DAEMON-426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mark Thomas resolved DAEMON-426. -------------------------------- Fix Version/s: 1.2.4 Resolution: Fixed No response from original reporter. Assuming the proposed fix is sufficient. > CAP_DAC_READ_SEARCH not allowed in containers by default > -------------------------------------------------------- > > Key: DAEMON-426 > URL: https://issues.apache.org/jira/browse/DAEMON-426 > Project: Commons Daemon > Issue Type: Bug > Components: Jsvc > Affects Versions: 1.2.2 > Environment: Redhat 7; jsvc 1.2.3 > Reporter: Sheridan Rawlins > Priority: Major > Fix For: 1.2.4 > > > jsvc tries to get {{CAP_DAC_READ_SEARCH}} capabilities. The code says [Fix > DAEMON-16 by adding CAP_DAC_READ_SEARCH to allow reading > /proc/self|https://github.com/apache/commons-daemon/commit/2090bd1586f30f4a72ab192df6b7e7f9f5548922#diff-71c2181bdc541da57b93eb9c43851baa9457ca97e6cf1e9f8ee1c280d273ca5a] > but does anyone still need this? It fails on docker containers in kubernetes > unless admins allow that capability to be requested. > I tried compiling it without this flag and it seems to run everything just > fine - but to not break anyone who might really need this CAP, perhaps some > command line switch could be added to adjust what capabilities are requested > generally, or at the very least specifically whether to not alter that > CAP_DAC_READ_SEARCH cap. -- This message was sent by Atlassian Jira (v8.3.4#803005)