Merge pull request #57 from Hurricos/master

feat: Build with CAP_NET_RAW by default to simplify rootless use
czerwonk · Nov 12, 2021 · cef8ae5 · cef8ae5
2 parents c9777d3 + 82ea2c9
commit cef8ae5
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -5,8 +5,9 @@ RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o /go/bin/ping_expo
 
 FROM alpine:latest
 ENV CONFIG_FILE "/config/config.yml"
-RUN apk --no-cache add ca-certificates
+RUN apk --no-cache add ca-certificates libcap
 WORKDIR /app
 COPY --from=builder /go/bin/ping_exporter .
+RUN setcap cap_net_raw+ep /app/ping_exporter
 CMD ./ping_exporter --config.path $CONFIG_FILE
 EXPOSE 9427
diff --git a/README.md b/README.md
@@ -146,6 +146,8 @@ On Linux systems `CAP_NET_RAW` is required to run `ping_exporter` as unprivilige
 # setcap cap_net_raw+ep /path/to/ping_exporter
 ```
 
+When run through a rootless Docker implementation on Linux, the flag `--cap-add=CAP_NET_RAW` should be added to the `docker run` invocation.
+
 ### Docker
 
 https://hub.docker.com/r/czerwonk/ping_exporter