Home Explore Help
Register Sign In
fphammerle
/
docker-onion-service
mirror of https://github.com/fphammerle/docker-onion-service
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

docker-compose & ansible-playbook: drop capabilities

Fabian Peter Hammerle 3 years ago
parent
300b6bfd21
commit
508bed3889
3 changed files with 5 additions and 0 deletions
Split View Show Diff Stats
  1. 2 0
      CHANGELOG.md
  2. 2 0
      ansible-playbook.yml
  3. 1 0
      docker-compose.yml

+ 2 - 0
CHANGELOG.md
View File 

@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
 ## [Unreleased]
 
+### Fixed
 
+- docker-compose & ansible-playbook: drop capabilities
 
 
 ## [1.1.0] - 2020-10-01
 
 ### Added

+ 2 - 0
ansible-playbook.yml
View File 

@@ -11,5 +11,7 @@
 
         VIRTUAL_PORT: 80
 
         TARGET: 1.2.3.4:8080
 
       volumes: ['onion_service_key:/onion-service']
 
+      cap_drop: [ALL]
 
+      security_opts: [no-new-privileges]
 
       memory: 128M
 
       restart_policy: unless-stopped

+ 1 - 0
docker-compose.yml
View File 

@@ -12,6 +12,7 @@ services:
 
     environment:
 
       VIRTUAL_PORT: 80
 
       TARGET: 1.2.3.4:8080
 
+    cap_drop: [ALL]
 
     security_opt: [no-new-privileges]
 
     cpus: 0.5
 
     mem_limit: 128m