Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow MailHog to use privileged ports locally #329

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Allow MailHog to use privileged ports locally #329

wants to merge 2 commits into from

Conversation

martinkoehler
Copy link

MailHog allows to configure the port where it listens e.g. via
the environment variable MH_SMTP_BIND_ADDR. However privileged ports are
not allowed, since MailHog runs as normal user.
Using setcap the MailHog binary is allowed to bind on privileged ports

Closes #328

@martinkoehler
Allow MailHog to use privileged ports locally
113213f 
MailHog allows to configure the port where it listens e.g. via
the environment variable MH_SMTP_BIND_ADDR. However privileged ports are
not allowed, since MailHog runs as normal user.
Using setcap the MailHog binary is allowed to bind on privileged ports
@bvdbasch
Copy link

@kraxx @tyndyll @anthonyptetlow @rpkamp @teohhanhui

Can one of you please merge this pull request? Thanks you 🙏

@tyndyll
Copy link
Member

tyndyll commented Mar 26, 2021

I will look at it over the weekend. Want to understand the implications of using the capabilities before merging.

@tyndyll
Copy link
Member

tyndyll commented Mar 29, 2021

Would it be possible to extract the setcap portion as an additional stage in the Dockerfile build? I can then create and publish two images mailhog:latest and mailhog:latest-privileged-ports. This will give people the option of running it

@martinkoehler
Dockerfile
459497d 
extract the setcap portion as an additional stage in the Dockerfile
build
@martinkoehler
Copy link
Author

martinkoehler commented Mar 30, 2021
edited
Loading

@tyndyll: Is this what you mean?
BTW: The default behavoir does not change, so IMHO people can use mailhog:latest-privileged-ports as a drop-in without noticing a difference. Only if they specify a priveleged port in the Environment, this now works :-)
Or do you have security concerns?
Thanks.

@tyndyll
Copy link
Member

tyndyll commented Apr 6, 2021

I have security concerns, but I'm 99% sure that they're not valid. I'm just doing some reading up to make sure I'm not missing something! Expect this to be merged in on Friday

@martinkoehler
Copy link
Author

Thanks. Take your time. Better to check than to be sorry.

@bvdbasch
Copy link

@tyndyll Thanks for looking into this. I agree with @martinkoehler that reading up on security should not be rushed. 👍🏻

@gedge gedge added the blocked label Sep 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shuebdalvi shuebdalvi shuebdalvi approved these changes

Assignees
No one assigned
Labels
blocked
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow use of privileged ports locally in Docker
5 participants
@martinkoehler @bvdbasch @tyndyll @shuebdalvi @gedge