spindle-docker.patch · by zenfyr.dev

docker when docker build my dockers

spindle-docker.patch edited 1mo ago

13 lines 648 B view raw

 1diff --git a/spindle/engines/nixery/engine.go b/spindle/engines/nixery/engine.go
 2index 8fc8d785..668b4445 100644
 3--- a/spindle/engines/nixery/engine.go
 4+++ b/spindle/engines/nixery/engine.go
 5@@ -222,7 +222,7 @@ func (e *Engine) SetupWorkflow(ctx context.Context, wid models.WorkflowId, wf *m
 6 		},
 7 		ReadonlyRootfs: false,
 8 		CapDrop:        []string{"ALL"},
 9-		CapAdd:         []string{"CAP_DAC_OVERRIDE"},
10+		CapAdd:         []string{"CAP_DAC_OVERRIDE", "CAP_CHOWN", "CAP_FOWNER", "CAP_SETUID", "CAP_SETGID"},
11 		SecurityOpt:    []string{"no-new-privileges"},
12 		ExtraHosts:     []string{"host.docker.internal:host-gateway"},
13 	}, nil, nil, "")