diff options
| author | Jan Friedli | 2020-03-28 15:22:31 +0100 |
|---|---|---|
| committer | Jan Friedli | 2020-05-09 21:21:47 +0200 |
| commit | f8368c1b4d6b8a9f1e49a8e713753710c48c468d (patch) | |
| tree | c4b69d203e47aea85fd41a4365a348f4755092f9 | |
| parent | e53ea9a05167ac9b93594bb1335cae1f2a0afe1f (diff) | |
tested if --security-opt=no-new-privileges works
| -rw-r--r-- | README.md | 4 |
1 files changed, 2 insertions, 2 deletions
| @@ -205,9 +205,9 @@ repository: https://0xacab.org/jvoisin/mat2-web/container_registry | |||
| 205 | ### Building the production image | 205 | ### Building the production image |
| 206 | Build command: `docker build -f Dockerfile.production -t mat-web .` | 206 | Build command: `docker build -f Dockerfile.production -t mat-web .` |
| 207 | 207 | ||
| 208 | Run it: ` docker run -ti -p8181:8080 --read-only --tmpfs /tmp --tmpfs=/var/www/mat2-web/uploads mat-web:latest` | 208 | Run it: ` docker run -ti -p8181:8080 --security-opt=no-new-privileges --read-only --tmpfs /tmp --tmpfs=/var/www/mat2-web/uploads mat-web:latest` |
| 209 | 209 | ||
| 210 | This does mount the upload folder as tmpfs and servers the app on `localhost:8181` | 210 | This does mount the upload folder as tmpfs and servers the app on `localhost:8181`. |
| 211 | 211 | ||
| 212 | # Configuration | 212 | # Configuration |
| 213 | 213 | ||