mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-06-01 00:10:08 +00:00
feat: add no_new_privileges config for non-root containers
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/486c681f-f240-4505-9fc9-b143b50348f5 Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
committed by
GitHub
GitHub
parent
50643afd6a
commit
6471aa815d
@@ -81,7 +81,8 @@
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
],
|
||||
"no_new_privileges": true
|
||||
},
|
||||
{
|
||||
"container_name": "nextcloud-aio-database",
|
||||
@@ -138,7 +139,8 @@
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
],
|
||||
"no_new_privileges": true
|
||||
},
|
||||
{
|
||||
"container_name": "nextcloud-aio-nextcloud",
|
||||
@@ -321,7 +323,8 @@
|
||||
"read_only": true,
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
],
|
||||
"no_new_privileges": true
|
||||
},
|
||||
{
|
||||
"container_name": "nextcloud-aio-redis",
|
||||
@@ -363,7 +366,8 @@
|
||||
"read_only": true,
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
],
|
||||
"no_new_privileges": true
|
||||
},
|
||||
{
|
||||
"container_name": "nextcloud-aio-collabora",
|
||||
@@ -413,7 +417,8 @@
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
],
|
||||
"no_new_privileges": true
|
||||
},
|
||||
{
|
||||
"container_name": "nextcloud-aio-talk",
|
||||
@@ -484,7 +489,8 @@
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
],
|
||||
"no_new_privileges": true
|
||||
},
|
||||
{
|
||||
"container_name": "nextcloud-aio-talk-recording",
|
||||
@@ -538,7 +544,8 @@
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
],
|
||||
"no_new_privileges": true
|
||||
},
|
||||
{
|
||||
"container_name": "nextcloud-aio-borgbackup",
|
||||
@@ -665,7 +672,8 @@
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
],
|
||||
"no_new_privileges": true
|
||||
},
|
||||
{
|
||||
"container_name": "nextcloud-aio-clamav",
|
||||
@@ -712,7 +720,8 @@
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
],
|
||||
"no_new_privileges": true
|
||||
},
|
||||
{
|
||||
"container_name": "nextcloud-aio-onlyoffice",
|
||||
@@ -798,7 +807,8 @@
|
||||
],
|
||||
"secrets": [
|
||||
"IMAGINARY_SECRET"
|
||||
]
|
||||
],
|
||||
"no_new_privileges": true
|
||||
},
|
||||
{
|
||||
"container_name": "nextcloud-aio-fulltextsearch",
|
||||
@@ -850,7 +860,8 @@
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
],
|
||||
"no_new_privileges": true
|
||||
},
|
||||
{
|
||||
"container_name": "nextcloud-aio-docker-socket-proxy",
|
||||
@@ -965,7 +976,8 @@
|
||||
"read_only": true,
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
],
|
||||
"no_new_privileges": true
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user