From 282aa11a70a7a709d7475a9c0cfac6d8619032f6 Mon Sep 17 00:00:00 2001
From: miracle091
Date: Thu, 10 Jun 2021 09:56:26 +0200
Subject: [PATCH] Aggiunta la flag no-new-privileges:true per una maggiore sicurezza per l'host e il container
---
 archivewarrior/README.md | 2 ++
 archivewarrior/docker-compose.yml | 2 ++
 dozzle/README.md | 2 ++
 dozzle/docker-compose.yml | 2 ++
 folding@home/README.md | 2 ++
 folding@home/docker-compose.yml | 2 ++
 gitea/README.md | 2 ++
 gitea/docker-compose.yml | 2 ++
 homer/README.md | 2 ++
 homer/docker-compose.yml | 2 ++
 jellyfin/README.md | 2 ++
 jellyfin/docker-compose.yml | 2 ++
 komga/README.md | 2 ++
 komga/docker-compose.yml | 2 ++
 metube/README.md | 2 ++
 metube/docker-compose.yml | 2 ++
 miniflux/README.md | 4 ++++
 miniflux/docker-compose.yml | 4 ++++
 navidrome/README.md | 2 ++
 navidrome/docker-compose.yml | 2 ++
 podgrab/README.md | 2 ++
 podgrab/docker-compose.yml | 2 ++
 syncthing/README.md | 2 ++
 syncthing/docker-compose.yml | 2 ++
 transmission/README.md | 2 ++
 transmission/docker-compose.yml | 2 ++
 unifi/README.md | 2 ++
 unifi/docker-compose.yml | 2 ++
 watchtower/README.md | 2 ++
 watchtower/docker-compose.yml | 2 ++
 30 files changed, 64 insertions(+)
diff --git a/archivewarrior/README.md b/archivewarrior/README.md
index 83bcbd3..8fd7aa3 100644
--- a/archivewarrior/README.md
+++ b/archivewarrior/README.md
@@ -35,6 +35,8 @@ services:
 archivewarrior:
 container_name: archive-warrior
 image: archiveteam/warrior-dockerfile
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/archivewarrior/docker-compose.yml b/archivewarrior/docker-compose.yml
index 5ae3d28..c9709b8 100644
--- a/archivewarrior/docker-compose.yml
+++ b/archivewarrior/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 archivewarrior:
 container_name: archive-warrior
 image: archiveteam/warrior-dockerfile
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
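Review bot: The `security_opt` entry added in archivewarrior/docker-compose.yml has no comment saying what the option does or what to do if an image stops starting with it, and the same two lines are repeated unexplained in every other docker-compose.yml hunk of this patch. A comment above it such as `# no-new-privileges: processes cannot gain privileges through setuid/setgid binaries or file capabilities; remove only if the image's entrypoint depends on such a helper` would cover both. The option does not change the user the container starts as or its capability set, so it is one hardening layer, and each image is worth a start-up test after this change. The service definition continues outside the hunk.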
diff --git a/dozzle/README.md b/dozzle/README.md
index 4e1eb04..e46e7fa 100644
--- a/dozzle/README.md
+++ b/dozzle/README.md
@@ -35,6 +35,8 @@ services:
 dozzle:
 container_name: dozzle
 image: amir20/dozzle
+ security_opt:
+ - no-new-privileges:true
 restart: unless-stopped
 ports:
 - ${DOZZLE_WEBUI_PORT:-8080}:8080
diff --git a/dozzle/docker-compose.yml b/dozzle/docker-compose.yml
index 3145f51..d1bbef3 100644
--- a/dozzle/docker-compose.yml
+++ b/dozzle/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 dozzle:
 container_name: dozzle
 image: amir20/dozzle
+ security_opt:
+ - no-new-privileges:true
 restart: unless-stopped
 ports:
 - ${DOZZLE_WEBUI_PORT:-8080}:8080
diff --git a/folding@home/README.md b/folding@home/README.md
index 6a7b854..0359ff2 100644
--- a/folding@home/README.md
+++ b/folding@home/README.md
@@ -39,6 +39,8 @@ services:
 fah:
 container_name: linuxserver-fah
 image: ghcr.io/linuxserver/foldingathome
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/folding@home/docker-compose.yml b/folding@home/docker-compose.yml
index 1d9fdd6..654fabe 100644
--- a/folding@home/docker-compose.yml
+++ b/folding@home/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 fah:
 container_name: linuxserver-fah
 image: ghcr.io/linuxserver/foldingathome
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/gitea/README.md b/gitea/README.md
index a6527c9..8c9acc6 100644
--- a/gitea/README.md
+++ b/gitea/README.md
@@ -40,6 +40,8 @@ services:
 db:
 container_name: gitea-db
 image: postgres:13-alpine
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: always
diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml
index 92a4405..359fc15 100644
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 db:
 container_name: gitea-db
 image: postgres:13-alpine
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: always
diff --git a/homer/README.md b/homer/README.md
index 7909852..9793df5 100644
--- a/homer/README.md
+++ b/homer/README.md
@@ -42,6 +42,8 @@ services:
 homer:
 container_name: homer
 image: b4bz/homer
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/homer/docker-compose.yml b/homer/docker-compose.yml
index 2665992..a03d377 100644
--- a/homer/docker-compose.yml
+++ b/homer/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 homer:
 container_name: homer
 image: b4bz/homer
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/jellyfin/README.md b/jellyfin/README.md
index 10895b4..4706fb9 100644
--- a/jellyfin/README.md
+++ b/jellyfin/README.md
@@ -41,6 +41,8 @@ services:
 jellyfin:
 container_name: linuxserver-jellyfin
 image: ghcr.io/linuxserver/jellyfin
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/jellyfin/docker-compose.yml b/jellyfin/docker-compose.yml
index bcc8728..f0ef07b 100644
--- a/jellyfin/docker-compose.yml
+++ b/jellyfin/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 jellyfin:
 container_name: linuxserver-jellyfin
 image: ghcr.io/linuxserver/jellyfin
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/komga/README.md b/komga/README.md
index 24777c7..f1ab963 100644
--- a/komga/README.md
+++ b/komga/README.md
@@ -42,6 +42,8 @@ services:
 komga:
 container_name: komga
 image: gotson/komga
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/komga/docker-compose.yml b/komga/docker-compose.yml
index b302f7c..27c051b 100644
--- a/komga/docker-compose.yml
+++ b/komga/docker-compose.yml
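Review bot: In gitea/docker-compose.yml only the `db` service receives `security_opt`; the diffstat lists two added lines for this file, while miniflux/docker-compose.yml gets the option on both `db` and `feeder`. The Gitea application service, presumably defined further down the file outside this hunk and likely the network-facing one, is therefore left without `no-new-privileges:true`. If the omission is deliberate because that image does not start with the flag, record it with a comment such as `# no-new-privileges omitted: image fails to start with it`; otherwise add the same two lines to that service.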
@@ -3,6 +3,8 @@ services:
 komga:
 container_name: komga
 image: gotson/komga
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/metube/README.md b/metube/README.md
index 675fe06..263aca8 100644
--- a/metube/README.md
+++ b/metube/README.md
@@ -38,6 +38,8 @@ services:
 metube:
 container_name: metube
 image: alexta69/metube
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/metube/docker-compose.yml b/metube/docker-compose.yml
index fc5000c..206d1f9 100644
--- a/metube/docker-compose.yml
+++ b/metube/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 metube:
 container_name: metube
 image: alexta69/metube
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/miniflux/README.md b/miniflux/README.md
index ff1202d..87f0064 100644
--- a/miniflux/README.md
+++ b/miniflux/README.md
@@ -39,6 +39,8 @@ services:
 db:
 container_name: miniflux-db
 image: postgres:13-alpine
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: always
@@ -56,6 +58,8 @@ services:
 feeder:
 container_name: miniflux
 image: ghcr.io/miniflux/miniflux
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/miniflux/docker-compose.yml b/miniflux/docker-compose.yml
index b9714ba..caaa760 100644
--- a/miniflux/docker-compose.yml
+++ b/miniflux/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 db:
 container_name: miniflux-db
 image: postgres:13-alpine
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: always
@@ -20,6 +22,8 @@ services:
 feeder:
 container_name: miniflux
 image: ghcr.io/miniflux/miniflux
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/navidrome/README.md b/navidrome/README.md
index c355802..9b783df 100644
--- a/navidrome/README.md
+++ b/navidrome/README.md
@@ -41,6 +41,8 @@ services:
 navidrome:
 container_name: navidrome
 image: deluan/navidrome
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/navidrome/docker-compose.yml b/navidrome/docker-compose.yml
index 94836b7..97074d4 100644
--- a/navidrome/docker-compose.yml
+++ b/navidrome/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 navidrome:
 container_name: navidrome
 image: deluan/navidrome
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/podgrab/README.md b/podgrab/README.md
index 9bc8de1..ad58e83 100644
--- a/podgrab/README.md
+++ b/podgrab/README.md
@@ -41,6 +41,8 @@ services:
 podgrab:
 container_name: podgrab
 image: akhilrex/podgrab
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/podgrab/docker-compose.yml b/podgrab/docker-compose.yml
index 5422c33..5ff4e95 100644
--- a/podgrab/docker-compose.yml
+++ b/podgrab/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 podgrab:
 container_name: podgrab
 image: akhilrex/podgrab
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/syncthing/README.md b/syncthing/README.md
index 8b590a0..b295232 100644
--- a/syncthing/README.md
+++ b/syncthing/README.md
@@ -40,6 +40,8 @@ services:
 syncthing:
 container_name: linuxserver-syncthing
 image: ghcr.io/linuxserver/syncthing
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/syncthing/docker-compose.yml b/syncthing/docker-compose.yml
index e76bc99..65581bc 100644
--- a/syncthing/docker-compose.yml
+++ b/syncthing/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 syncthing:
 container_name: linuxserver-syncthing
 image: ghcr.io/linuxserver/syncthing
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/transmission/README.md b/transmission/README.md
index 720e025..8fd93cb 100644
--- a/transmission/README.md
+++ b/transmission/README.md
@@ -40,6 +40,8 @@ services:
 transmission:
 container_name: linuxserver-transmission
 image: ghcr.io/linuxserver/transmission
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/transmission/docker-compose.yml b/transmission/docker-compose.yml
index 5bb6c2e..190ec15 100644
--- a/transmission/docker-compose.yml
+++ b/transmission/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 transmission:
 container_name: linuxserver-transmission
 image: ghcr.io/linuxserver/transmission
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/unifi/README.md b/unifi/README.md
index 83e7187..ca36333 100644
--- a/unifi/README.md
+++ b/unifi/README.md
@@ -38,6 +38,8 @@ services:
 unifi:
 container_name: linuxserver-unifi
 image: ghcr.io/linuxserver/unifi-controller
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/unifi/docker-compose.yml b/unifi/docker-compose.yml
index b3c26bf..0249c70 100644
--- a/unifi/docker-compose.yml
+++ b/unifi/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 unifi:
 container_name: linuxserver-unifi
 image: ghcr.io/linuxserver/unifi-controller
+ security_opt:
+ - no-new-privileges:true
 networks:
 - custom-bridge
 restart: unless-stopped
diff --git a/watchtower/README.md b/watchtower/README.md
index 75f2ba0..4113ce5 100644
--- a/watchtower/README.md
+++ b/watchtower/README.md
@@ -37,6 +37,8 @@ services:
 watchtower:
 container_name: watchtower
 image: containrrr/watchtower
+ security_opt:
+ - no-new-privileges:true
 restart: unless-stopped
 env_file: .env
 volumes:
diff --git a/watchtower/docker-compose.yml b/watchtower/docker-compose.yml
index c3ca964..e2b9718 100644
--- a/watchtower/docker-compose.yml
+++ b/watchtower/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 watchtower:
 container_name: watchtower
 image: containrrr/watchtower
+ security_opt:
+ - no-new-privileges:true
 restart: unless-stopped
 env_file: .env
 volumes:
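Review bot: The hunk in watchtower/docker-compose.yml ends at `volumes:`, and if the list that follows (outside the hunk, so not visible here) mounts `/var/run/docker.sock`, `no-new-privileges:true` adds little protection for the host, because access to the Docker API is equivalent to root on the host regardless of this flag. The same would hold for dozzle/docker-compose.yml if it mounts the socket. It is worth saying so next to the option, e.g. `# does not limit what this container can do through the Docker socket`, and considering a restricted socket proxy in front of these two services.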