websocket fix + starting firegex as root if capsh fails

2025-04-12 22:15:08 +02:00
parent ed85aa5430
commit a109ee8067
2 changed files with 21 additions and 3 deletions
--- a/backend/docker-entrypoint.sh
+++ b/backend/docker-entrypoint.sh
@@ -2,5 +2,21 @@

 chown nobody -R /execute/

-exec capsh --caps="cap_net_admin,cap_setpcap,cap_setuid,cap_setgid,cap_sys_nice+eip" \
-    --keep=1 --user=nobody --addamb=cap_net_admin,cap_sys_nice -- -c "python3 /execute/app.py DOCKER"
+echo "[*] Attempting to start with capabilities..."
+
+if capsh --caps="cap_net_admin,cap_setpcap,cap_setuid,cap_setgid,cap_sys_nice+eip" \
+    --keep=1 \
+    --user=nobody \
+    --addamb=cap_net_admin,cap_sys_nice \
+    -- -c "exit 0"
+then
+  exec capsh --caps="cap_net_admin,cap_setpcap,cap_setuid,cap_setgid,cap_sys_nice+eip" \
+    --keep=1 \
+    --user=nobody \
+    --addamb=cap_net_admin,cap_sys_nice \
+    -- -c "python3 /execute/app.py DOCKER"
+else
+    echo "[!] capsh failed, running with root user"
+    exec python3 /execute/app.py DOCKER
+fi
+