daenamnu/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-05-28 14:30:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3377 from nextcloud/enh/noid/drop-net-raw

Browse Source
This commit is contained in:
Simon L
2023-09-27 13:06:38 +02:00
committed by GitHub
parent 3e25acce24 bcced0b176
commit 8e4678fe82
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
php/src/Docker/DockerActionManager.php
View File

@@ -476,6 +476,9 @@ class DockerActionManager
$requestBody['HostConfig']['CapAdd'] = $capAdds;
}
// Disable arp spoofing
$requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];
if ($container->isApparmorUnconfined()) {
$requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
}