Issue granting python permissions for rootless access to the HCI interface inside custom-cont-init.d script

Hello everyone!

I’m trying to modify the Home Assitant image to grant python some permissions.
So I’ve created a script named python-permissions in /config/custom-cont-init.d


echo "***** changing python permissions *****"

setcap 'cap_net_raw,cap_net_admin+eip' `readlink -f \`which python3\``
getcap `readlink -f \`which python3\``

The script is found and seems to be executed correctly.

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 50-config: executing...
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-usb-gid: executing...
[cont-init.d] 60-usb-gid: exited 0.
[cont-init.d] 90-custom-folders: executing...
[cont-init.d] 90-custom-folders: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] files found in /config/custom-cont-init.d executing
[custom-init] python-permissions: executing...
***** changing python permissions *****
/usr/bin/python3.9 cap_net_admin,cap_net_raw=eip
[custom-init] python-permissions: exited 0
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

As you can see, the getcap command here returns what I would expect. But when I exec into the container that same command gives another result.

pi@raspberrypi:~/docker $ docker exec -it homeassistant bash
root@raspberrypi:/#  getcap `readlink -f \`which python3\``
/usr/bin/python3.9 cap_net_bind_service=ep
root@raspberrypi:/# ls
app  config    dev          etc   init  libexec  mnt  pip-packages  root  sbin  sys  usr
bin  defaults  docker-mods  home  lib   media    opt  proc          run   srv   tmp  var

I must be missing something…

Can someone help with this please?