imap-download: fix fetchmail (we think)

images/imap-download/Dockerfile

@@ -6,7 +6,8 @@ FROM ${REPO_LOCATION}minideb
 RUN install_packages ca-certificates fetchmail procmail inotify-tools mpack
 RUN mkdir /srv/home \
 	&& ln -s /mnt/fetchmailrc /srv/home/.fetchmailrc \
-	&& mkdir /tmp/maildir
+	&& mkdir /tmp/maildir \
+	&& useradd --system --home=/srv/home --uid=10000 --gid=10000 fetchmail
 
 ENV HOME /srv/home
 
@@ -23,7 +24,4 @@ VOLUME /mnt/output
 #	idle
 #	ssl
 
-
-USER 10000:10000
-
 ENTRYPOINT [ "/srv/run.sh" ]

images/imap-download/run.sh

@@ -1,5 +1,12 @@
 #!/usr/bin/env bash
 
+
+dir_newmail="/tmp/maildir/Mail/new";
+target_dir="/mnt/output";
+
+fetchmail_uid="$(id -u "fetchmail")";
+fetchmail_gid="$(id -g "fetchmail")";
+
 temp_dir="$(mktemp --tmpdir -d "imap-download-XXXXXXX")";
 on_exit() {
 	rm -rf "${temp_dir}";
@@ -7,15 +14,33 @@ on_exit() {
 trap on_exit EXIT;
 
 do_fetchmail() {
-	fetchmail --mda "/usr/bin/procmail -m /srv/procmail.conf";
+	log_msg "Starting fetchmail";
+	
+	while :; do
+		# Ref https://github.com/SinusBot/docker/pull/40
+		# WORKAROUND for `setpriv: libcap-ng is too old for "all" caps`, previously "-all" was used here
+		# create a list to drop all capabilities supported by current kernel
+		cap_prefix="-cap_";
+		caps="$cap_prefix$(seq -s ",$cap_prefix" 0 "$(cat /proc/sys/kernel/cap_last_cap)")";
+
+		setpriv --inh-caps="${caps}" --reuid "${fetchmail_uid}" --clear-groups --regid "${fetchmail_gid}" fetchmail --mda "/usr/bin/procmail -m /srv/procmail.conf";
+		exit_code="$?";
+		if [[ "$exit_code" -eq 127 ]]; then
+			log_msg "setpriv failed, exiting with code 127";
+			exit 127;
+		fi 
+		
+		log_msg "Fetchmail exited with code ${exit_code}, sleeping 60 seconds";
+		sleep 60
+	done
 }
 
 log_msg() {
 	echo "$(date -u +"%Y-%m-%d %H:%M:%S") imap-download: $*";
 }
 
-dir_newmail="/tmp/maildir/Mail/new";
-target_dir="/mnt/output";
+
+mkdir -p "${dir_newmail}";
 
 do_attachments() {
 	while :; do # : = infinite loop