You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It seems to be best practice nowadays to let services inside a container be run with user priviliges, as that - even when the container has no out-of-the-box capabilities to escape it like a docker socket - slightly reduces the attack surface. We could switch to non-root easily but will have to chmod the api-data directory in the process during upgrade.
The text was updated successfully, but these errors were encountered:
It seems to be best practice nowadays to let services inside a container be run with user priviliges, as that - even when the container has no out-of-the-box capabilities to escape it like a docker socket - slightly reduces the attack surface. We could switch to non-root easily but will have to
chmodtheapi-datadirectory in the process during upgrade.The text was updated successfully, but these errors were encountered: