[
https://issues.apache.org/jira/browse/DAEMON-426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mark Thomas resolved DAEMON-426.
--------------------------------
Fix Version/s: 1.2.4
Resolution: Fixed
No response from original reporter. Assuming the proposed fix is sufficient.
> CAP_DAC_READ_SEARCH not allowed in containers by default
> --------------------------------------------------------
>
> Key: DAEMON-426
> URL: https://issues.apache.org/jira/browse/DAEMON-426
> Project: Commons Daemon
> Issue Type: Bug
> Components: Jsvc
> Affects Versions: 1.2.2
> Environment: Redhat 7; jsvc 1.2.3
> Reporter: Sheridan Rawlins
> Priority: Major
> Fix For: 1.2.4
>
>
> jsvc tries to get {{CAP_DAC_READ_SEARCH}} capabilities. The code says [Fix
> DAEMON-16 by adding CAP_DAC_READ_SEARCH to allow reading
> /proc/self|https://github.com/apache/commons-daemon/commit/2090bd1586f30f4a72ab192df6b7e7f9f5548922#diff-71c2181bdc541da57b93eb9c43851baa9457ca97e6cf1e9f8ee1c280d273ca5a]
> but does anyone still need this? It fails on docker containers in kubernetes
> unless admins allow that capability to be requested.
> I tried compiling it without this flag and it seems to run everything just
> fine - but to not break anyone who might really need this CAP, perhaps some
> command line switch could be added to adjust what capabilities are requested
> generally, or at the very least specifically whether to not alter that
> CAP_DAC_READ_SEARCH cap.
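A pre-flight check for the condition the issue describes, as an added example that is not part of the Jira thread or of jsvc's source: it reads the `CapBnd` mask from `/proc/<pid>/status` text and reports whether `CAP_DAC_READ_SEARCH` (capability number 2) is available to request. The function names and the two sample status excerpts are constructed for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Numeric value of CAP_DAC_READ_SEARCH in <linux/capability.h>. */
#define EX_CAP_DAC_READ_SEARCH 2

/* Constructed /proc/<pid>/status excerpts (not captured from a real host). */
static const char SAMPLE_RESTRICTED[] =   /* bit 2 clear in CapBnd */
    "Name:\tjsvc\nCapPrm:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n";
static const char SAMPLE_FULL[] =         /* bit 2 set in CapBnd */
    "Name:\tjsvc\nCapPrm:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n";

/* Return 1 if `cap` is set in the hex mask on line `field` ("CapBnd",
 * "CapPrm", ...), 0 if clear, -1 if the line is missing or malformed. */
int cap_in_status(const char *status, const char *field, int cap)
{
    size_t flen = strlen(field);
    const char *p = status;
    if (cap < 0 || cap > 63) return -1;
    while (p != NULL && *p != '\0') {
        if (strncmp(p, field, flen) == 0 && p[flen] == ':') {
            const char *hex = p + flen + 1;
            char *end;
            while (*hex == ' ' || *hex == '\t') hex++;
            if (!isxdigit((unsigned char)*hex)) return -1;
            errno = 0;
            unsigned long long mask = strtoull(hex, &end, 16);
            if (errno != 0 || end == hex) return -1;
            return (int)((mask >> cap) & 1ULL);
        }
        p = strchr(p, '\n');              /* advance to the next line */
        if (p != NULL) p++;
    }
    return -1;
}

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");   /* this process's own sets */
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    printf("restricted sample: %d\n", cap_in_status(SAMPLE_RESTRICTED, "CapBnd", EX_CAP_DAC_READ_SEARCH));
    printf("full sample:       %d\n", cap_in_status(SAMPLE_FULL, "CapBnd", EX_CAP_DAC_READ_SEARCH));
    printf("this process:      %d\n", cap_in_status(buf, "CapBnd", EX_CAP_DAC_READ_SEARCH));
    return 0;
}
```

A result of 0 for the running process means the bounding set excludes the capability, so a launcher that tries to keep it will fail unless the container is granted it.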