
ansible-playbook: rename data volume to avoid collision with container name, drop capabilities & block gaining new privileges

Fabian Peter Hammerle 3 years ago
parent
commit
aa4fbfac01
2 changed files with 8 additions and 1 deletions
  1. 5 0
      CHANGELOG.md
  2. 3 1
      ansible-playbook.yml

+ 5 - 0
CHANGELOG.md

@@ -5,6 +5,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Fixed
+- ansible-playbook:
+  - rename data volume to avoid collision with container name
+  - drop capabilities
+  - block gaining new privileges
 
 ## [1.0.0] - 2020-09-27
 ### Added

+ 3 - 1
ansible-playbook.yml

@@ -15,7 +15,7 @@
         PT_PORT: '{{ pt_port }}'
         CONTACT_INFO: '{{ contact_info }}'
       volumes:
-      - tor_obfs4_bridge:/var/lib/tor
+      - tor_obfs4_bridge_data:/var/lib/tor
       mounts:
       - type: tmpfs
         target: /tmp # torrc
@@ -26,5 +26,7 @@
       ports:
       - '{{ or_port }}:{{ or_port }}'
       - '{{ pt_port }}:{{ pt_port }}'
+      cap_drop: [ALL]
+      security_opts: [no-new-privileges]
       memory: 256M
       restart_policy: unless-stopped
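Review bot: The rename on `tor_obfs4_bridge_data:/var/lib/tor` leaves data of existing deployments behind in the old `tor_obfs4_bridge` volume, so re-running the playbook starts a container with an empty `/var/lib/tor` — presumably the bridge's key material and thus its identity, which operators would not expect from an entry listed under "Fixed". A comment at that line would make the migration step visible, e.g. `# renamed from tor_obfs4_bridge (1.0.0); copy the old volume's contents over first to keep the bridge identity`. Separately, `cap_drop: [ALL]` also removes NET_BIND_SERVICE, so if `or_port` or `pt_port` is set below 1024 and the process in the image binds as root, the bind will fail; worth a note next to the ports list or a constraint on those variables if the image's user is confirmed. The enclosing task starts before the first hunk, so its name and module were not visible here.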