container: Drop privileges

A container is best served with the least amount of privileges. This
also ensures we don't have to drop anything later.

This does require running the container with elevated capabilities.

Note that if, for whatever reason, 'root' access within the container is
needed, this can easily be accomplished by running the container with
`docker run --user root:root sslh`, for example.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Olliver Schinagl 2023-06-05 22:44:42 +02:00
parent db5ed29fa2
commit 9dd560493a
No known key found for this signature in database
GPG Key ID: 96E1A3A6C9044763
2 changed files with 4 additions and 0 deletions

@ -22,3 +22,5 @@ RUN apk --no-cache add libconfig pcre2
COPY "./container-entrypoint.sh" "/init"
ENTRYPOINT [ "/init" ]
USER nobody:nogroup

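Review bot: With `USER nobody:nogroup`, both `/init` and sslh start as a non-root user, and Docker does not put capabilities granted with `--cap-add` into the effective set of a non-root process, so the capabilities the README now asks for may never reach sslh. Nothing in the visible lines sets file capabilities on the binary; if no other part of the Dockerfile does, add a `setcap` step for the sslh binary or document which features work without it. It is also worth confirming that `/init` does nothing that needs root, since it now runs as nobody too.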

@ -47,6 +47,8 @@ How to use
```bash
docker run \
--cap-add CAP_NET_RAW \
--cap-add CAP_NET_BIND_SERVICES \
--rm \
-it \
ghcr.io/yrutschle/sslh:latest \
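Review bot: `--cap-add CAP_NET_BIND_SERVICES` misspells the capability name; the Linux capability is `CAP_NET_BIND_SERVICE` (singular), so Docker will not recognise the value as documented. Correct the spelling, and consider adding a sentence to the README saying what each of the two capabilities is needed for, so users can leave out the one they do not need.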