testcontainers/testcontainers-clj

How to configure capabilities, e.g. pass the --cap-add option?

ieugen opened this issue · 4 comments

ieugen commented

Hi,

I'm trying to run Vault in dev mode.
How can I pass capabilities with clj-test-containers?

I did not find any docs regarding this or

According to their docs, I need to pass some capabilities https://hub.docker.com/r/hashicorp/vault

The container will attempt to lock memory to prevent sensitive values from being swapped to disk and as a result must have --cap-add=IPC_LOCK provided to docker run. Since the Vault binary runs as a non-root user, setcap is used to give the binary the ability to lock memory. With some Docker storage plugins in some distributions this call will not work correctly; it seems to fail most often with AUFS. The memory locking behavior can be disabled by setting the SKIP_SETCAP environment variable to any non-empty value.

Running Vault for Development

$ docker run --cap-add=IPC_LOCK -d --name=dev-vault hashicorp/vault

ieugen commented

Vault seems to work without cap-add but the question still stands.

Sorry for the delay! I don't know it off the top of my head, but I'll look into it.

This feature already exists in testcontainers-java, so it would be possible to do it like this with Java-Interop. I will see if there is a nicer way to add this to the Clojure API:

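// Imports the snippet needs. DOCKER_HOST_CONTAINER_NAME, network and
// dockerHostName are not defined in this snippet.
import com.github.dockerjava.api.model.Capability;
import com.github.dockerjava.api.model.HostConfig;
import org.testcontainers.containers.GenericContainer;
import org.testcontainers.containers.wait.strategy.Wait;

new GenericContainer<>(DOCKER_HOST_CONTAINER_NAME)
    // Modify the Docker create command to add Linux capabilities
    .withCreateContainerCmdModifier(
        it -> it.withHostConfig(
            HostConfig.newHostConfig()
                .withCapAdd(Capability.NET_ADMIN, Capability.NET_RAW)
                .withNetworkMode(network.getId())
        )
    )
    .withNetwork(network)
    .withNetworkAliases(dockerHostName)
    .waitingFor(Wait.forLogMessage(".*Forwarding ports.*", 1));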

Taken from: https://stackoverflow.com/questions/63512635/how-to-add-run-arguments-within-docker-test-containers
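
The Java interop approach above, applied to the Vault case from the question, as an added example that is not part of the original thread or the project's own code. It assumes that the map returned by `tc/create` and `tc/start!` holds the underlying `GenericContainer` under `:container`; the namespace, the helper names `with-cap-add`, `start-vault-dev!` and `granted-caps`, and the token value are constructed for illustration. It grants only `IPC_LOCK` and reads the capability list back from the running container.

```clojure
(ns example.vault-cap-add
  (:require [clj-test-containers.core :as tc])
  (:import (com.github.dockerjava.api.command CreateContainerCmd)
           (com.github.dockerjava.api.model Capability)
           (java.util.function Consumer)
           (org.testcontainers.containers GenericContainer)))

(defn with-cap-add
  "Adds the given Linux capabilities to the HostConfig that Testcontainers
  has already prepared, instead of replacing it with a fresh one.
  Assumption: `container-map` holds the GenericContainer under :container."
  [container-map & caps]
  (let [^GenericContainer c (:container container-map)]
    (.withCreateContainerCmdModifier
     c
     (reify Consumer
       (accept [_ cmd]
         ;; withCapAdd is a varargs method, so Clojure must pass a typed array.
         (.withCapAdd (.getHostConfig ^CreateContainerCmd cmd)
                      ^"[Lcom.github.dockerjava.api.model.Capability;"
                      (into-array Capability caps)))))
    container-map))

(defn start-vault-dev!
  "Starts hashicorp/vault in dev mode with only IPC_LOCK added,
  the equivalent of `docker run --cap-add=IPC_LOCK`."
  []
  (-> (tc/create {:image-name    "hashicorp/vault"
                  :exposed-ports [8200]
                  ;; Constructed placeholder token for a throwaway dev server.
                  :env-vars      {"VAULT_DEV_ROOT_TOKEN_ID" "constructed-dev-token"}})
      (with-cap-add Capability/IPC_LOCK)
      (tc/start!)))

(defn granted-caps
  "Returns the set of capability names Docker reports as added to the
  running container, so a test can check that nothing else was granted."
  [started]
  (let [^GenericContainer c (:container started)]
    (->> (.. c getContainerInfo getHostConfig getCapAdd)
         (map #(.name ^Capability %))
         set)))
```

Calling `(granted-caps (start-vault-dev!))` in a test and comparing the result with the expected set catches a container that was started with more capabilities than intended.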

ieugen commented

Thanks. Closing this.