From 521fb007dd2c4e720e223d01891fd00e00337fce Mon Sep 17 00:00:00 2001
From: TheSpad
Date: Wed, 30 Nov 2022 15:40:18 +0000
Subject: [PATCH] Add log entry if SYS_MODULE cap can be removed
---
 root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run b/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run
index 2e4d435..27b7463 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run
@@ -9,6 +9,9 @@ if ip link add dev test type wireguard; then
 echo "**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****"
 SKIP_COMPILE="true"
 ip link del dev test
+ if capsh --print | grep -qv '\!cap_sys_module'; then
+ echo "**** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****"
+ fi
 else
 echo "**** The wireguard module is not active, will attempt kernel header install and module compilation. If you believe that your kernel should have wireguard support already, make sure that it is activated via modprobe! ****"
 fi
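Review bot: The added test `capsh --print | grep -qv '\!cap_sys_module'` succeeds whenever any single line of the output lacks the pattern, and `capsh --print` emits several lines (uid, gid, securebits and so on), so the SYS_MODULE hint is most likely logged even when the capability has already been dropped. Negate the whole match rather than inverting it per line: `if ! capsh --print | grep -q '!cap_sys_module'; then`. That still relies on capsh printing the `!cap_…` notation at all, which appears to depend on the libcap version; `capsh --has-p=cap_sys_module` would ask the question directly if the capsh in the image supports it. The enclosing `if ip link add dev test type wireguard` opens above the hunk, so only the branch bodies are visible here.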