mirror of
https://codeberg.org/video-prize-ranch/rimgo.git
synced 2025-12-20 23:18:53 +00:00
`user: nobody`: the least privileged account.
`read_only: true`: this container doesn't write anything to the filesystem; this removes a vector.
`security_opt`: disallows the container from grabbing more privileges.
`cap_drop`: this container doesn't need any capabilities, drop them.
`networks`: put `rimgo` into its own network so it cannot see other containers by default.

Reviewed-on: https://codeberg.org/video-prize-ranch/rimgo/pulls/99
Co-authored-by: kuantum <kuantum@noreply.codeberg.org>
Co-committed-by: kuantum <kuantum@noreply.codeberg.org>
452 B
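
A Compose service definition applying the five settings the commit message lists, as an added example and not the repository's own file. The image reference, the network name, and the specific `security_opt` and `cap_drop` values are assumptions.

```yaml
# Added example, not the repository's docker-compose.yml.
# Assumed: image reference, network name, security_opt and cap_drop values.
services:
  rimgo:
    image: example.invalid/rimgo:latest  # placeholder image reference
    # The name must resolve in the image's /etc/passwd; if it does not,
    # use a numeric UID:GID instead.
    user: nobody
    # Root filesystem is mounted read-only, so a compromised process
    # cannot drop or modify files inside the container.
    read_only: true
    security_opt:
      # Processes cannot gain privileges through setuid/setgid binaries.
      - no-new-privileges:true
    cap_drop:
      # Drop every Linux capability; nothing is added back.
      - ALL
    networks:
      # Dedicated network instead of the shared default one.
      - rimgo

networks:
  rimgo: {}
```

To confirm the settings took effect on a running container, `docker inspect --format '{{.Config.User}} {{.HostConfig.ReadonlyRootfs}} {{.HostConfig.CapDrop}} {{.HostConfig.SecurityOpt}}' <container>` prints the applied user, read-only flag, dropped capabilities and security options.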