hardening - add no-new-privileges

2021-05-18 21:35:58 +02:00
parent d9bb97be50
commit 73543f4b0e
8 changed files with 16 additions and 14 deletions
--- a/examples/hardened/docker-compose.yml
+++ b/examples/hardened/docker-compose.yml
@@ -7,11 +7,9 @@ services:
    # dropping all capabilities
    cap_drop:
      - ALL
-    # root fs as RO
-    read_only: true
-    # mandatory directories as RW
-    tmpfs:
-      - /tmp:mode=770,uid=0,gid=101
+    # disable setuid/setgid
+    security_opt:
+      - no-new-privileges
    restart: always
    ports:
      - 80:8080