Description
OS: Ubuntu 22.04.5 LTS
Docker version: 28.1.0
Docker Compose version: v2.34.0
Docker-java version: 3.5.0
🐞 Issue
When inspecting a Docker container using the docker-java client, I encounter the following exception:
java.lang.RuntimeException: com.fasterxml.jackson.databind.exc.InvalidFormatException: Cannot deserialize value of type `com.github.dockerjava.api.model.Capability` from String "CAP_DAC_READ_SEARCH": not one of the values accepted for Enum class: [ALL, SYS_BOOT, DAC_OVERRIDE, NET_RAW, BLOCK_SUSPEND, FOWNER, IPC_LOCK, IPC_OWNER, SYS_PACCT, NET_BIND_SERVICE, WAKE_ALARM, FSETID, DAC_READ_SEARCH, SYS_CHROOT, AUDIT_READ, SYS_RAWIO, SYS_ADMIN, KILL, MAC_ADMIN, SYS_RESOURCE, CHOWN, PERFMON, SETPCAP, SYS_PTRACE, NET_ADMIN, SETFCAP, SYS_NICE, LINUX_IMMUTABLE, BPF, AUDIT_CONTROL, LEASE, AUDIT_WRITE, SYS_MODULE, MKNOD, SYSLOG, MAC_OVERRIDE, SYS_TIME, SETGID, SETUID, CHECKPOINT_RESTORE, SYS_TTY_CONFIG, NET_BROADCAST]
This occurs when deserializing the CapAdd field from InspectContainerResponse.
📄 Example Code
public Object inspectContainer(String containerName) {
String containerId = getCurrentIdForContainer(containerName);
return dockerClient.inspectContainerCmd(containerId).exec();
}
🔍 Analysis
The deserialization fails because Docker returns capabilities with the CAP_ prefix (e.g., CAP_DAC_READ_SEARCH), but the Capability enum in docker-java omits that prefix (e.g., DAC_READ_SEARCH).
According to the Docker capabilities documentation and types.go, Docker capabilities are typically listed with the CAP_ prefix.
The Capability enum here: https://javadoc.io/static/com.github.docker-java/docker-java/3.0.6/index.html?com/github/dockerjava/api/model/Capability.html
...does not align directly with the string values Docker returns.
✅ Suggested Fix
Could the enum Capability be enhanced to:
Support @JsonCreator to allow aliasing/deserialization of names with the CAP_ prefix?
Or alternatively, normalize the incoming capability strings before deserialization?
This would improve compatibility when parsing real-world Docker API responses, and prevent failures like the one above.