From 82ea2c996ed3136544a906280c208b7fe400a21d Mon Sep 17 00:00:00 2001
From: Martin Kennedy
Date: Thu, 11 Nov 2021 20:24:22 -0500
Subject: [PATCH] feat: Build with CAP_NET_RAW by default to simplify rootless use See also the README regarding use.
---
 Dockerfile | 3 ++-
 README.md | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index d8a3533..3b5754d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,8 +5,9 @@ RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o /go/bin/ping_expo
 FROM alpine:latest
 ENV CONFIG_FILE "/config/config.yml"
-RUN apk --no-cache add ca-certificates
+RUN apk --no-cache add ca-certificates libcap
 WORKDIR /app
 COPY --from=builder /go/bin/ping_exporter .
+RUN setcap cap_net_raw+ep /app/ping_exporter
 CMD ./ping_exporter --config.path $CONFIG_FILE
 EXPOSE 9427
diff --git a/README.md b/README.md
index aba4919..daf4c5f 100644
--- a/README.md
+++ b/README.md
@@ -146,6 +146,8 @@ On Linux systems `CAP_NET_RAW` is required to run `ping_exporter` as unprivilige
 # setcap cap_net_raw+ep /path/to/ping_exporter
 ```
+When run through a rootless Docker implementation on Linux, the flag `--cap-add=CAP_NET_RAW` should be added to the `docker run` invocation.
+
 ### Docker
 https://hub.docker.com/r/czerwonk/ping_exporter
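Review bot: In the Dockerfile hunk, `RUN setcap cap_net_raw+ep /app/ping_exporter` sets the effective bit, so a runtime that drops CAP_NET_RAW from the bounding set (for example `docker run --cap-drop=ALL`) will refuse to exec the binary with EPERM instead of starting it without raw sockets. The visible final stage also has no `USER` line, so under a default rootful daemon the process stays uid 0 and the file capability presumably changes nothing there; it only takes effect when the container is started as a non-root user. I would say so above the instruction, e.g. `# file cap is for non-root runs; exec fails if the runtime drops CAP_NET_RAW`, and keep `setcap` out of the runtime image by leaving the first `RUN` as it was and using `RUN apk --no-cache add --virtual .setcap libcap && setcap cap_net_raw+ep /app/ping_exporter && apk del .setcap` after the `COPY`. The builder stage that produces the binary lies outside the hunk.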