From 34a57d6f0952ccf0ae8f2aeb5176c8bfd42a84b8 Mon Sep 17 00:00:00 2001 From: anti Date: Thu, 9 Apr 2026 19:04:52 -0400 Subject: [PATCH] =?UTF-8?q?fix:=20make=20setcap=20resilient=20=E2=80=94=20?= =?UTF-8?q?no-op=20when=20Python=20absent=20or=20symlink-only?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/cowrie/Dockerfile | 2 +- templates/docker_api/Dockerfile | 2 +- templates/elasticsearch/Dockerfile | 2 +- templates/ftp/Dockerfile | 2 +- templates/http/Dockerfile | 2 +- templates/imap/Dockerfile | 2 +- templates/k8s/Dockerfile | 2 +- templates/ldap/Dockerfile | 2 +- templates/llmnr/Dockerfile | 2 +- templates/mongodb/Dockerfile | 2 +- templates/mqtt/Dockerfile | 2 +- templates/mssql/Dockerfile | 2 +- templates/mysql/Dockerfile | 2 +- templates/pop3/Dockerfile | 2 +- templates/postgres/Dockerfile | 2 +- templates/rdp/Dockerfile | 2 +- templates/real_ssh/Dockerfile | 2 +- templates/redis/Dockerfile | 2 +- templates/sip/Dockerfile | 2 +- templates/smb/Dockerfile | 2 +- templates/smtp/Dockerfile | 2 +- templates/snmp/Dockerfile | 2 +- templates/tftp/Dockerfile | 2 +- templates/vnc/Dockerfile | 2 +- 24 files changed, 24 insertions(+), 24 deletions(-) diff --git a/templates/cowrie/Dockerfile b/templates/cowrie/Dockerfile index 0a0c220..6e011ea 100644 --- a/templates/cowrie/Dockerfile +++ b/templates/cowrie/Dockerfile @@ -10,7 +10,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/docker_api/Dockerfile b/templates/docker_api/Dockerfile index b8126a3..f67a0c7 100644 --- a/templates/docker_api/Dockerfile +++ b/templates/docker_api/Dockerfile @@ -17,7 +17,7 @@ EXPOSE 2375 2376 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/elasticsearch/Dockerfile b/templates/elasticsearch/Dockerfile index b415dfa..a2d952f 100644 --- a/templates/elasticsearch/Dockerfile +++ b/templates/elasticsearch/Dockerfile @@ -14,7 +14,7 @@ EXPOSE 9200 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/ftp/Dockerfile b/templates/ftp/Dockerfile index c1dedbc..d2365e6 100644 --- a/templates/ftp/Dockerfile +++ b/templates/ftp/Dockerfile @@ -17,7 +17,7 @@ EXPOSE 21 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/http/Dockerfile b/templates/http/Dockerfile index 2d1d252..4014032 100644 --- a/templates/http/Dockerfile +++ b/templates/http/Dockerfile @@ -17,7 +17,7 @@ EXPOSE 80 443 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/imap/Dockerfile b/templates/imap/Dockerfile index 27dcf3f..a0e8fa2 100644 --- a/templates/imap/Dockerfile +++ b/templates/imap/Dockerfile @@ -14,7 +14,7 @@ EXPOSE 143 993 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/k8s/Dockerfile b/templates/k8s/Dockerfile index 71ff52e..118ed00 100644 --- a/templates/k8s/Dockerfile +++ b/templates/k8s/Dockerfile @@ -17,7 +17,7 @@ EXPOSE 6443 8080 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/ldap/Dockerfile b/templates/ldap/Dockerfile index 57d7142..2d8aa48 100644 --- a/templates/ldap/Dockerfile +++ b/templates/ldap/Dockerfile @@ -14,7 +14,7 @@ EXPOSE 389 636 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/llmnr/Dockerfile b/templates/llmnr/Dockerfile index 5035328..cddfc7d 100644 --- a/templates/llmnr/Dockerfile +++ b/templates/llmnr/Dockerfile @@ -15,7 +15,7 @@ EXPOSE 5353/udp RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/mongodb/Dockerfile b/templates/mongodb/Dockerfile index d4f0b26..d8f7039 100644 --- a/templates/mongodb/Dockerfile +++ b/templates/mongodb/Dockerfile @@ -14,7 +14,7 @@ EXPOSE 27017 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/mqtt/Dockerfile b/templates/mqtt/Dockerfile index 863f657..1ee311d 100644 --- a/templates/mqtt/Dockerfile +++ b/templates/mqtt/Dockerfile @@ -14,7 +14,7 @@ EXPOSE 1883 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/mssql/Dockerfile b/templates/mssql/Dockerfile index 2eb2171..07607cb 100644 --- a/templates/mssql/Dockerfile +++ b/templates/mssql/Dockerfile @@ -14,7 +14,7 @@ EXPOSE 1433 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/mysql/Dockerfile b/templates/mysql/Dockerfile index eb327ad..cbfb532 100644 --- a/templates/mysql/Dockerfile +++ b/templates/mysql/Dockerfile @@ -14,7 +14,7 @@ EXPOSE 3306 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/pop3/Dockerfile b/templates/pop3/Dockerfile index b7eb104..ccbfe65 100644 --- a/templates/pop3/Dockerfile +++ b/templates/pop3/Dockerfile @@ -14,7 +14,7 @@ EXPOSE 110 995 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/postgres/Dockerfile b/templates/postgres/Dockerfile index b2edd70..0a6a6bf 100644 --- a/templates/postgres/Dockerfile +++ b/templates/postgres/Dockerfile @@ -14,7 +14,7 @@ EXPOSE 5432 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/rdp/Dockerfile b/templates/rdp/Dockerfile index 3c6db97..cf68714 100644 --- a/templates/rdp/Dockerfile +++ b/templates/rdp/Dockerfile @@ -17,7 +17,7 @@ EXPOSE 3389 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/real_ssh/Dockerfile b/templates/real_ssh/Dockerfile index 502789c..81052c9 100644 --- a/templates/real_ssh/Dockerfile +++ b/templates/real_ssh/Dockerfile @@ -51,7 +51,7 @@ EXPOSE 22 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/redis/Dockerfile b/templates/redis/Dockerfile index a837bd1..bc627ac 100644 --- a/templates/redis/Dockerfile +++ b/templates/redis/Dockerfile @@ -14,7 +14,7 @@ EXPOSE 6379 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/sip/Dockerfile b/templates/sip/Dockerfile index ced282f..ab37230 100644 --- a/templates/sip/Dockerfile +++ b/templates/sip/Dockerfile @@ -15,7 +15,7 @@ EXPOSE 5060/tcp RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/smb/Dockerfile b/templates/smb/Dockerfile index 6315f7e..cea8028 100644 --- a/templates/smb/Dockerfile +++ b/templates/smb/Dockerfile @@ -17,7 +17,7 @@ EXPOSE 445 139 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/smtp/Dockerfile b/templates/smtp/Dockerfile index 46edeab..2013f50 100644 --- a/templates/smtp/Dockerfile +++ b/templates/smtp/Dockerfile @@ -14,7 +14,7 @@ EXPOSE 25 587 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/snmp/Dockerfile b/templates/snmp/Dockerfile index e467cb7..5a452e9 100644 --- a/templates/snmp/Dockerfile +++ b/templates/snmp/Dockerfile @@ -14,7 +14,7 @@ EXPOSE 161/udp RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/tftp/Dockerfile b/templates/tftp/Dockerfile index cf3899a..dc7296c 100644 --- a/templates/tftp/Dockerfile +++ b/templates/tftp/Dockerfile @@ -14,7 +14,7 @@ EXPOSE 69/udp RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1 diff --git a/templates/vnc/Dockerfile b/templates/vnc/Dockerfile index d4863b0..62a5581 100644 --- a/templates/vnc/Dockerfile +++ b/templates/vnc/Dockerfile @@ -14,7 +14,7 @@ EXPOSE 5900 RUN useradd -r -s /bin/false -d /opt decnet \ && apt-get update && apt-get install -y --no-install-recommends libcap2-bin \ && rm -rf /var/lib/apt/lists/* \ - && find /usr/bin/python3* -maxdepth 0 -type f -exec setcap 'cap_net_bind_service+eip' {} \; + && (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true) HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ CMD kill -0 1 || exit 1