GhostManager · domwhewell · Nov 9, 2023 · Nov 9, 2023 · Nov 9, 2023
diff --git a/compose/local/django/Dockerfile b/compose/local/django/Dockerfile
@@ -21,6 +21,8 @@ RUN apk --no-cache add build-base curl \
     # Rust and Cargo required by the ``cryptography`` Python package
     && apk --no-cache add rust \
     && apk --no-cache add cargo \
+    # Nmap required by the ``python-nmap`` Python package.
+    && apk --no-cache add nmap \
     && pip install --no-cache-dir -U setuptools pip
 
 COPY ./requirements /requirements

diff --git a/compose/production/django/Dockerfile b/compose/production/django/Dockerfile
@@ -17,6 +17,8 @@ RUN apk --no-cache add build-base curl \
     # Rust and Cargo required by the ``cryptography`` Python package
     && apk --no-cache add rust \
     && apk --no-cache add cargo \
+    # Nmap required by the ``python-nmap`` Python package. libcap used to set the capabilities of nmap so root is not required
+    && apk --no-cache add nmap libcap \
     && addgroup -S django \
     && adduser -S -G django django \
     && pip install --no-cache-dir -U setuptools pip
@@ -46,6 +48,11 @@ RUN sed -i 's/\r//' /start-queue \
     && chmod +x /start-queue \
     && chown django /start-queue
 
+RUN chown django:django /usr/bin/nmap \
+    && chmod 750 /usr/bin/nmap
+
+RUN setcap cap_net_raw,cap_net_bind_service+eip /usr/bin/nmap
+
 COPY ./compose/production/django/seed_data /seed_data
 
 RUN sed -i 's/\r$//g' /seed_data \

diff --git a/production.yml b/production.yml
@@ -53,6 +53,7 @@ services:
       - POSTGRES_USER=${POSTGRES_USER}
       - REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT}/0
       - WEB_CONCURRENCY=${DJANGO_WEB_CONCURRENCY}
+      - NMAP_PRIVILEGED=""
     healthcheck:
       test: curl --insecure --fail https://nginx/status/simple/ || exit 1
       interval: ${HEALTHCHECK_INTERVAL}