From 62fdcb05f58c7252a163dafe153b16a9904b7ff4 Mon Sep 17 00:00:00 2001 From: Brennan Kinney <5098581+polarathene@users.noreply.github.com> Date: Tue, 7 Jun 2022 01:20:13 +1200 Subject: [PATCH] chore: Remove redundant capability `SYS_PTRACE` (#2624) * chore: Remove `SYS_PTRACE` capability from docs and configs * chore: Remove `SYS_PTRACE` capability from tests Doesn't seem to be required. It was originally added when the original change detection feature PR apparently needed it to function. --- README.md | 2 -- docker-compose.yml | 2 -- docs/content/config/advanced/full-text-search.md | 1 - docs/content/config/advanced/kubernetes.md | 1 - docs/content/examples/tutorials/basic-installation.md | 1 - test/default_relay_host.bats | 1 - test/mail_privacy.bats | 1 - test/mail_special_use_folders.bats | 1 - test/mail_undef_spam_subject.bats | 1 - test/mail_with_mdbox.bats | 1 - test/mail_with_relays.bats | 1 - test/mail_with_sdbox.bats | 1 - test/open_dkim.bats | 1 - test/tests.bats | 1 - 14 files changed, 16 deletions(-) diff --git a/README.md b/README.md index e3492dbb..2d242002 100644 --- a/README.md +++ b/README.md @@ -259,7 +259,6 @@ services: - ONE_DIR=1 cap_add: - NET_ADMIN - - SYS_PTRACE restart: always ``` @@ -316,6 +315,5 @@ services: - POSTFIX_MESSAGE_SIZE_LIMIT=100000000 cap_add: - NET_ADMIN - - SYS_PTRACE restart: always ``` diff --git a/docker-compose.yml b/docker-compose.yml index 620c91ab..1e3e84ab 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -26,5 +26,3 @@ services: stop_grace_period: 1m cap_add: - NET_ADMIN - - SYS_PTRACE - diff --git a/docs/content/config/advanced/full-text-search.md b/docs/content/config/advanced/full-text-search.md index 0eb587c5..f1cf103a 100644 --- a/docs/content/config/advanced/full-text-search.md +++ b/docs/content/config/advanced/full-text-search.md @@ -83,7 +83,6 @@ While indexing is memory intensive, you can configure the plugin to limit the am stop_grace_period: 1m cap_add: - NET_ADMIN - - SYS_PTRACE ``` 3. Recreate containers: diff --git a/docs/content/config/advanced/kubernetes.md b/docs/content/config/advanced/kubernetes.md index 077994be..fe640598 100644 --- a/docs/content/config/advanced/kubernetes.md +++ b/docs/content/config/advanced/kubernetes.md @@ -199,7 +199,6 @@ spec: - NET_BIND_SERVICE # miscellaneous capabilities - SYS_CHROOT - - SYS_PTRACE - KILL drop: [ALL] seccompProfile: diff --git a/docs/content/examples/tutorials/basic-installation.md b/docs/content/examples/tutorials/basic-installation.md index 45cdf63b..57416527 100644 --- a/docs/content/examples/tutorials/basic-installation.md +++ b/docs/content/examples/tutorials/basic-installation.md @@ -61,7 +61,6 @@ In this setup `docker-mailserver` is not intended to receive email externally, s - SPOOF_PROTECTION=0 cap_add: - NET_ADMIN # For Fail2Ban to work - - SYS_PTRACE ``` - The docs have a detailed page on [Environment Variables][docs-environment] for reference. diff --git a/test/default_relay_host.bats b/test/default_relay_host.bats index 62976757..b22420ed 100644 --- a/test/default_relay_host.bats +++ b/test/default_relay_host.bats @@ -8,7 +8,6 @@ function setup() { -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \ -e DEFAULT_RELAY_HOST=default.relay.host.invalid:25 \ - --cap-add=SYS_PTRACE \ -e PERMIT_DOCKER=host \ -h mail.my-domain.com -t "${NAME}" diff --git a/test/mail_privacy.bats b/test/mail_privacy.bats index c83d5087..e8d560f8 100644 --- a/test/mail_privacy.bats +++ b/test/mail_privacy.bats @@ -8,7 +8,6 @@ function setup_file() { -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \ -e ENABLE_MANAGESIEVE=1 \ - --cap-add=SYS_PTRACE \ -e PERMIT_DOCKER=host \ -h mail.my-domain.com \ -e SSL_TYPE='snakeoil' \ diff --git a/test/mail_special_use_folders.bats b/test/mail_special_use_folders.bats index fb181964..e0ef03f8 100644 --- a/test/mail_special_use_folders.bats +++ b/test/mail_special_use_folders.bats @@ -10,7 +10,6 @@ setup_file() { -e SASL_PASSWD="external-domain.com username:password" \ -e ENABLE_CLAMAV=0 \ -e ENABLE_SPAMASSASSIN=0 \ - --cap-add=SYS_PTRACE \ -e PERMIT_DOCKER=host \ -h mail.my-domain.com -t "${NAME}" diff --git a/test/mail_undef_spam_subject.bats b/test/mail_undef_spam_subject.bats index b6ee6868..8429f877 100644 --- a/test/mail_undef_spam_subject.bats +++ b/test/mail_undef_spam_subject.bats @@ -29,7 +29,6 @@ function setup() { -e ENABLE_SRS=1 \ -e SASL_PASSWD="external-domain.com username:password" \ -e ENABLE_MANAGESIEVE=1 \ - --cap-add=SYS_PTRACE \ -e PERMIT_DOCKER=host \ -h mail.my-domain.com -t "${NAME}") diff --git a/test/mail_with_mdbox.bats b/test/mail_with_mdbox.bats index 09c8fbbe..dd751adb 100644 --- a/test/mail_with_mdbox.bats +++ b/test/mail_with_mdbox.bats @@ -11,7 +11,6 @@ setup_file() { -e ENABLE_CLAMAV=0 \ -e ENABLE_SPAMASSASSIN=0 \ -e DOVECOT_MAILBOX_FORMAT=mdbox \ - --cap-add=SYS_PTRACE \ -e PERMIT_DOCKER=host \ -h mail.my-domain.com -t "${NAME}" diff --git a/test/mail_with_relays.bats b/test/mail_with_relays.bats index ecd2112f..0122e23e 100644 --- a/test/mail_with_relays.bats +++ b/test/mail_with_relays.bats @@ -13,7 +13,6 @@ function setup_file() { -e RELAY_PORT=2525 \ -e RELAY_USER=smtp_user \ -e RELAY_PASSWORD=smtp_password \ - --cap-add=SYS_PTRACE \ -e PERMIT_DOCKER=host \ -h mail.my-domain.com -t "${NAME}" diff --git a/test/mail_with_sdbox.bats b/test/mail_with_sdbox.bats index f60c4190..487fb4de 100644 --- a/test/mail_with_sdbox.bats +++ b/test/mail_with_sdbox.bats @@ -11,7 +11,6 @@ setup_file() { -e ENABLE_CLAMAV=0 \ -e ENABLE_SPAMASSASSIN=0 \ -e DOVECOT_MAILBOX_FORMAT=sdbox \ - --cap-add=SYS_PTRACE \ -e PERMIT_DOCKER=host \ -h mail.my-domain.com -t "${NAME}" diff --git a/test/open_dkim.bats b/test/open_dkim.bats index fd1a673d..9d1e68e7 100644 --- a/test/open_dkim.bats +++ b/test/open_dkim.bats @@ -14,7 +14,6 @@ function setup_file docker run -d \ --name "${CONTAINER_NAME}" \ - --cap-add=SYS_PTRACE \ -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ -v "${PWD}/test/test-files":/tmp/docker-mailserver-test:ro \ -e DEFAULT_RELAY_HOST=default.relay.host.invalid:25 \ diff --git a/test/tests.bats b/test/tests.bats index 81743446..460e6990 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -36,7 +36,6 @@ setup_file() { -e SSL_TYPE='snakeoil' \ -e VIRUSMAILS_DELETE_DELAY=7 \ -h mail.my-domain.com \ - --cap-add=SYS_PTRACE \ --tty \ "${NAME}"