@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
+### Fixed
+- docker-compose & ansible-playbook: drop capabilities
## [1.1.0] - 2020-10-01
### Added
@@ -11,5 +11,7 @@
VIRTUAL_PORT: 80
TARGET: 1.2.3.4:8080
volumes: ['onion_service_key:/onion-service']
+ cap_drop: [ALL]
+ security_opts: [no-new-privileges]
memory: 128M
restart_policy: unless-stopped
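Review bot: `cap_drop: [ALL]` on this task is only safe if the image's entrypoint never has to chown the `onion_service_key:/onion-service` volume or switch from root to an unprivileged user. The image is not visible in this hunk, so that should be confirmed by starting the container against a fresh, empty volume. If startup does need privileges, add back only the minimum next to the drop, e.g. `capabilities: [CHOWN, SETUID, SETGID]`, rather than removing the drop. A one-line comment such as `# Ansible spells this security_opts; docker-compose uses security_opt` above the new key would stop someone later "normalising" the two files into a silently ignored option. The task definition starts above this hunk, so the module and image in use are inferred.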
@@ -12,6 +12,7 @@ services:
environment:
security_opt: [no-new-privileges]
cpus: 0.5
mem_limit: 128m