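#!/bin/sh
# Container entrypoint: give /execute to the unprivileged "nobody" account,
# prepare the optional socket directory, then start the app as "nobody" with
# a reduced capability set via capsh. If capsh cannot do that, the app is
# started directly, without the user switch.
#
# Environment:
#   SOCKET_DIR - optional; when non-empty the directory is created, handed to
#                nobody:nobody and set to mode 755 before the app starts.

# NOTE(review): after this the service account owns the tree it runs from,
# so the running app can rewrite its own code. If it only needs a writable
# data or socket directory, narrow the chown to that path.
# -R is placed before the operands so strictly POSIX chown also accepts it.
chown -R nobody /execute/

# Create socket directory if SOCKET_DIR is set.
# "--" stops a value that begins with "-" from being parsed as an option.
if [ -n "$SOCKET_DIR" ]; then
  mkdir -p -- "$SOCKET_DIR"
  chown -- nobody:nobody "$SOCKET_DIR"
  chmod -- 755 "$SOCKET_DIR"
fi

echo "[*] Attempting to start with capabilities..."

# Keep a single copy of the capsh arguments so the probe and the real launch
# cannot drift apart. The script reads no positional parameters of its own,
# so reusing "$@" as the argument list is safe here.
#
# --addamb raises cap_net_admin and cap_sys_nice into the ambient set, which
# is what lets them survive the exec into a non-root process.
# cap_setpcap/cap_setuid/cap_setgid are presumably only needed by capsh to
# switch user and adjust the sets - confirm the app does not still hold them
# (compare CapPrm/CapEff in /proc/<pid>/status of the running app).
set -- \
  --caps="cap_net_admin,cap_setpcap,cap_setuid,cap_setgid,cap_sys_nice+eip" \
  --keep=1 \
  --user=nobody \
  --addamb=cap_net_admin,cap_sys_nice

# Dry run: the same capsh setup with a no-op command. Only if that succeeds
# is the shell replaced by the real, unprivileged launch.
if capsh "$@" -- -c "exit 0"; then
  exec capsh "$@" -- -c "python3 /execute/app.py DOCKER"
else
  # NOTE(review): this branch fails open. Any probe failure (capsh missing,
  # a requested capability not granted to the container, no shell for capsh
  # to exec) starts the app as the user running this script - root, per the
  # message - with every capability the container has. Alert on this line in
  # the container logs, or exit non-zero here if the deployment must never
  # run as root.
  echo "[!] capsh failed, running with root user" >&2
  exec python3 /execute/app.py DOCKER
fi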