From e93ed889df4a1aead62244848b85b07cbbcb6cb4 Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer Date: Thu, 27 Apr 2017 10:36:56 +0200 Subject: [PATCH 1/2] run msfconsole as non root user in docker --- docker-compose.yml | 2 +- docker/Dockerfile | 13 +++++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 3611bf5276..05fa58c774 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,7 +12,7 @@ services: ports: - 4444:4444 volumes: - - $HOME/.msf4:/root/.msf4 + - $HOME/.msf4:/home/msf/.msf4 db: image: postgres:9.6 diff --git a/docker/Dockerfile b/docker/Dockerfile index c1e98a592f..54256520d2 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -3,6 +3,7 @@ MAINTAINER Rapid7 ARG BUNDLER_ARGS="--jobs=8 --without development test coverage" ENV APP_HOME /usr/src/metasploit-framework/ +ENV MSF_USER msf WORKDIR $APP_HOME COPY Gemfile* m* Rakefile $APP_HOME @@ -16,6 +17,7 @@ RUN apk update && \ # needed as long as metasploit-framework.gemspec contains a 'git ls' git \ ncurses \ + libcap \ && apk add --virtual .ruby-builddeps \ autoconf \ bison \ @@ -32,12 +34,19 @@ RUN apk update && \ yaml-dev \ zlib-dev \ ncurses-dev \ - bison \ - autoconf \ && echo "gem: --no-ri --no-rdoc" > /etc/gemrc \ && bundle install --system $BUNDLER_ARGS \ && apk del .ruby-builddeps \ && rm -rf /var/cache/apk/* +# fix for robots gem not readable (known bug) +# https://github.com/rapid7/metasploit-framework/issues/6068 +RUN chmod o+r /usr/local/bundle/gems/robots-*/lib/robots.rb + +RUN adduser -g msfconsole -D $MSF_USER + +USER $MSF_USER + ADD ./ $APP_HOME + CMD ["./msfconsole", "-r", "docker/msfconsole.rc"] From eb525840cd872290b80c831943514b52da31a1a0 Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer Date: Thu, 27 Apr 2017 10:55:03 +0200 Subject: [PATCH 2/2] add caps to ruby --- docker/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) 
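Review bot: The new mount target `/home/msf/.msf4` is only writable by the container user if the host's `$HOME/.msf4` is owned by the same numeric UID, and nothing in this patch fixes that UID: `adduser -g msfconsole -D $MSF_USER` in docker/Dockerfile leaves the choice to busybox. If the host directory does not exist yet, Docker will typically create the bind-mount source owned by root, which the non-root msfconsole cannot write to. Consider pinning the UID in the Dockerfile, e.g. `RUN adduser -u 1000 -g msfconsole -D $MSF_USER` (1000 is a sample value), and documenting that the host directory must exist with that owner. The path also hard-codes the value of `MSF_USER`, so a comment such as `# must match MSF_USER in docker/Dockerfile` next to the volume would keep the two in step.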
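Review bot: `libcap \` in the `@@ -16,6 +17,7 @@` hunk joins the runtime package list without a comment, unlike the `git` entry just above it, and nothing in this patch uses it; the only consumer visible on the page is the `setcap` call added in patch 2/2. A one-line comment such as `# provides setcap, used to grant ruby network capabilities` would explain why it is there. File capabilities are stored on the binary itself, so the package is presumably needed only at build time and could live in `.ruby-builddeps` if the `setcap` call were moved into this RUN chain before `apk del`. The RUN instruction starts and ends outside this hunk.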
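Review bot: In the `@@ -32,12 +34,19 @@` hunk, `USER $MSF_USER` is placed before `ADD ./ $APP_HOME`, but ADD without an ownership flag still writes the tree as root, so the msf user gets only the "other" permission bits the build context happens to carry. Keeping the code root-owned is a sound default, since the console then cannot modify its own files, but it is the same failure mode as the robots.rb workaround above: any file that is not world-readable in the checkout, or anything msfconsole needs to write under `$APP_HOME` at runtime, will fail. That should be verified and stated in a comment, e.g. `# application tree stays root-owned and read-only for $MSF_USER`. Separately, busybox's `adduser -g` sets the GECOS field rather than a group, which a short comment would make clear, and the `chmod o+r` could be appended to the preceding RUN chain after `bundle install` to avoid an extra layer.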
diff --git a/docker/Dockerfile b/docker/Dockerfile index 54256520d2..ea0abc5371 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -45,6 +45,8 @@ RUN chmod o+r /usr/local/bundle/gems/robots-*/lib/robots.rb RUN adduser -g msfconsole -D $MSF_USER +RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby) + USER $MSF_USER ADD ./ $APP_HOME
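Review bot: The added `setcap` line attaches `cap_net_raw` and `cap_net_bind_service` to the Ruby interpreter itself, so every Ruby script run by any user in this image receives them, not only msfconsole. That scope deserves a comment next to the line, as the `chmod` workaround above it has. The inheritable flag looks unnecessary for this purpose, so `RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+ep "$(which ruby)"` would be the narrower form, with the substitution quoted. Because the effective bit is set, ruby will likely refuse to exec if the container is started with either capability removed from its bounding set, which is worth documenting for anyone who hardens the compose service with `cap_drop`. Running this as its own RUN also copies the ruby binary into a new layer.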