From 44a7f154407196f9fa91ef638dc07fc64f7ffcdf Mon Sep 17 00:00:00 2001 From: Adam Outler Date: Thu, 22 Jan 2026 22:08:36 -0500 Subject: [PATCH] Update Docker Compose capabilities for root-entrypoint Added necessary capabilities for root-entrypoint operations. --- docs/DOCKER_COMPOSE.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/DOCKER_COMPOSE.md b/docs/DOCKER_COMPOSE.md index 396bc912..8c20e018 100755 --- a/docs/DOCKER_COMPOSE.md +++ b/docs/DOCKER_COMPOSE.md @@ -27,6 +27,9 @@ services: - NET_ADMIN # Required for ARP scanning - NET_RAW # Required for raw socket operations - NET_BIND_SERVICE # Required to bind to privileged ports (nbtscan) + - CHOWN # Required for root-entrypoint to chown /data + /tmp before dropping privileges + - SETUID # Required for root-entrypoint to switch to non-root user + - SETGID # Required for root-entrypoint to switch to non-root group volumes: - type: volume # Persistent Docker-managed named volume for config + database