From f8368c1b4d6b8a9f1e49a8e713753710c48c468d Mon Sep 17 00:00:00 2001
From: Jan Friedli <jan.friedli@immerda.ch>
Date: Sat, 28 Mar 2020 15:22:31 +0100
Subject: [PATCH] tested if --security-opt=no-new-privileges works

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 16990a4..3d6625f 100644
--- a/README.md
+++ b/README.md
@@ -205,9 +205,9 @@ repository: https://0xacab.org/jvoisin/mat2-web/container_registry
 ### Building the production image
 Build command: `docker build -f Dockerfile.production -t mat-web .`
 
-Run it: ` docker run -ti -p8181:8080 --read-only --tmpfs /tmp --tmpfs=/var/www/mat2-web/uploads  mat-web:latest`
+Run it: ` docker run -ti -p8181:8080 --security-opt=no-new-privileges --read-only --tmpfs /tmp --tmpfs=/var/www/mat2-web/uploads  mat-web:latest`
 
-This does mount the upload folder as tmpfs and servers the app on `localhost:8181`
+This does mount the upload folder as tmpfs and servers the app on `localhost:8181`.
 
 # Configuration