daenamnu/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-05-28 06:20:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

drop NET_RAW from all containers

Browse Source 
Signed-off-by: Simon L <szaimen@e.mail.de>
This commit is contained in:
Simon L
2023-09-19 21:26:11 +02:00
parent 133a7500f9
commit bcced0b176
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
php/src/Docker/DockerActionManager.php
View File

@@ -476,6 +476,9 @@ class DockerActionManager
$requestBody['HostConfig']['CapAdd'] = $capAdds;
}
// Disable arp spoofing
$requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];
if ($container->isApparmorUnconfined()) {
$requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
}