tested if --security-opt=no-new-privileges works

This commit is contained in:
Jan Friedli 2020-03-28 15:22:31 +01:00
parent e53ea9a051
commit f8368c1b4d
No known key found for this signature in database
GPG key ID: F945FA2FCA30549D

View file

@ -205,9 +205,9 @@ repository: https://0xacab.org/jvoisin/mat2-web/container_registry
### Building the production image
Build command: `docker build -f Dockerfile.production -t mat-web .`
Run it: ` docker run -ti -p8181:8080 --read-only --tmpfs /tmp --tmpfs=/var/www/mat2-web/uploads mat-web:latest`
Run it: ` docker run -ti -p8181:8080 --security-opt=no-new-privileges --read-only --tmpfs /tmp --tmpfs=/var/www/mat2-web/uploads mat-web:latest`
This does mount the upload folder as tmpfs and servers the app on `localhost:8181`
This does mount the upload folder as tmpfs and servers the app on `localhost:8181`.
# Configuration