From 7d0bf4584c0da540ea992a6f340b12ef633a7c68 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Mon, 27 Jun 2022 00:11:07 +0200
Subject: [PATCH] fix(mok): Add missing DAC_OVERWRITE capability to postfix

---
 charts/mok/Chart.yaml  | 2 +-
 charts/mok/README.md   | 3 ++-
 charts/mok/values.yaml | 2 ++
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/charts/mok/Chart.yaml b/charts/mok/Chart.yaml
index 04bbecdd1..7ca8ae232 100644
--- a/charts/mok/Chart.yaml
+++ b/charts/mok/Chart.yaml
@@ -3,7 +3,7 @@ name: mok
 description: |
   Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of configmaps and secret.
 type: application
-version: 0.1.1
+version: 0.1.2
 sources:
   - https://de.postfix.org/ftpmirror/index.html
   - https://github.com/dovecot/core
diff --git a/charts/mok/README.md b/charts/mok/README.md
index 6a4f25fb9..92a513173 100644
--- a/charts/mok/README.md
+++ b/charts/mok/README.md
@@ -1,6 +1,6 @@
 # mok
 
-![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of configmaps and secret.
 
@@ -72,6 +72,7 @@ Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that run
 | postfix.securityContext.capabilities.add[3] | string | `"SETUID"` | required to change user id as supervisord as well as postfix |
 | postfix.securityContext.capabilities.add[4] | string | `"SETGID"` | required to change group id as supervisord as well as postfix |
 | postfix.securityContext.capabilities.add[5] | string | `"FOWNER"` | required to set up the chroot directory on startup |
+| postfix.securityContext.capabilities.add[6] | string | `"DAC_OVERRIDE"` | required to setup TLS and alike |
 | postfix.securityContext.capabilities.drop[0] | string | `"ALL"` | getting rid of all capabilities since we already have too many |
 | postfix.securityContext.runAsNonRoot | bool | `false` |  |
 | postfix.service.public.type | string | `"LoadBalancer"` | type of the public endpoint for smtp, submission, and submissions. **Note**: It's configured to share the IP with dovecot in case of metallb |
diff --git a/charts/mok/values.yaml b/charts/mok/values.yaml
index aaf828446..63b7b95d5 100644
--- a/charts/mok/values.yaml
+++ b/charts/mok/values.yaml
@@ -69,6 +69,8 @@ postfix:
         - SETGID
         # -- required to set up the chroot directory on startup
         - FOWNER
+        # -- required to setup TLS and alike
+        - DAC_OVERRIDE
       drop:
         # -- getting rid of all capabilities since we already have too many
         - ALL
-- 
GitLab