From 91b546f0dd6660534b134e405b7bd37a747c2fd9 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@riseup.net>
Date: Sun, 16 Aug 2020 16:53:07 -0400
Subject: [PATCH] Add NET_RAW as inheritable on openvpn.

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index ed3ba49..3c74c38 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,6 +26,6 @@ COPY cznic-obs.gpg /etc/apt/trusted.gpg.d
 RUN apt-get -q update && env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
         openvpn libcap2-bin netcat-openbsd iptables knot-resolver knot-resolver-module-http \
         && rm -rf /var/lib/apt/lists/*
-RUN setcap cap_net_admin,cap_net_bind_service+eip /usr/sbin/openvpn
-RUN setcap cap_net_admin+eip /bin/ip
+RUN setcap cap_net_admin,cap_net_bind_service,cap_net_raw+eip /usr/sbin/openvpn
+RUN setcap cap_net_admin+ep /bin/ip
 RUN setcap cap_net_bind_service+ep /usr/sbin/kresd
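Review bot: The new `cap_net_raw` on `/usr/sbin/openvpn` is granted with `+eip`, so it lands in the file's permitted and effective sets as well as the inheritable one the subject names, and nothing in the Dockerfile records why openvpn needs raw sockets. Because the effective bit is set, exec of openvpn fails with EPERM when the container is started without NET_RAW in its bounding set (for example under `--cap-drop NET_RAW`), so this line adds a runtime requirement that should be written down. If the aim is for helpers spawned by openvpn to receive NET_RAW, the file inheritable bit alone presumably does not achieve that, since it is masked by the calling process's own inheritable set; please confirm the intended mechanism. The same hunk also narrows `/bin/ip` from `+eip` to `+ep`, which the commit message does not mention. I would add a comment above the openvpn line such as `# NET_RAW: <reason>; the container must keep NET_ADMIN and NET_RAW available or openvpn cannot exec`.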
-- 
GitLab