Failure to do this means that file capabilites are not preserved in the image.
Ping fails to work as a non-root user if cap_net_raw is capability is not set
Signed-off-by: Dan Griffin <dgriffin@peer1.com>
* 'master' of https://github.com/NikolaMandic/docker:
removed expect from mkimage-arch since it was not working
Conflicts:
contrib/mkimage-arch.sh
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Additionally, this can be overridden by setting the TMPDIR variable,
like this was already the case for the generic `mkimage.sh` script.
As explained in #6456, the rationale to use `/var/tmp` instead of `/tmp`
is that `/tmp` is often a small tmpfs filesystem with more restricted
rights.
Docker-DCO-1.1-Signed-off-by: Vincent Bernat <vincent@bernat.im> (github: vincentbernat)
This changes two URLs from http to https and it fixes a Dockerfile to
stop skipping certificate validation. It also adds the ca-certificates
package to that Dockerfile example.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
mktemp creates a root directory ("/") with permissions set to 700. Default should be 755 so other users in the container can access its subdirs (e.g http user for nginx for /srv/http/test/index.html).
Docker-DCO-1.1-Signed-off-by: Samuel Andaya <samuel@andaya.net> (github: sandaya)
Apart from having more predictable return codes on various operating
systems, it additionally caches the path to application.
Docker-DCO-1.1-Signed-off-by: Bartłomiej Piotrowski <b@bpiotrowski.pl> (github: Barthalion)