Nginx needs CHOWN, SETUID, SETGID to chown cache directories and drop privileges on startup. LND UI additionally needs NET_BIND_SERVICE to bind port 80 inside the container. Without these, cap-drop ALL causes nginx to crash with "Operation not permitted" on chown or bind. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
21 KiB
Executable File
21 KiB
Executable File