From 4122460dfd659d568acad4c3cb700ed919b875cf Mon Sep 17 00:00:00 2001
From: Jan Friedli
Date: Sun, 5 Apr 2020 20:51:38 +0200
Subject: document the no-new-privileges flag

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 0abbf42..5ed5859 100644
--- a/README.md
+++ b/README.md
@@ -202,7 +202,7 @@ This does mount the upload folder as tmpfs and servers the app on `localhost:818
 ##### Podman
 Build: `podman build -f Dockerfile.production -t matweb-podman .`
 
-Run: `podman run -ti -p8181:8080 --read-only  --tmpfs /tmp --tmpfs /run/uwsgi --tmpfs=/app/upload  matweb-podman:latest`
+Run: `podman run -ti -p8181:8080 --read-only  --tmpfs /tmp --tmpfs /run/uwsgi --tmpfs=/app/upload  --security-opt=no-new-privileges  matweb-podman:latest`
 
 # Configuration
 
-- 
cgit v1.3