mirror of
https://github.com/nextcloud/all-in-one.git
synced 2025-09-17 03:57:47 +08:00
Drop NET_RAW from all containers in manual
#3377 drops NET_RAW from all containers, but this doesn't appear to have been adopted into the manual mode. Signed-off-by: Joshua Hesketh <josh@hesketh.net.au>
This commit is contained in:
Joshua Hesketh
Joshua Hesketh
parent
1cce2e535f
commit
1e26613960
2 changed files with 75 additions and 3 deletions
|
|
@ -45,6 +45,8 @@ services:
|
|||
- /usr/local/apache2/logs
|
||||
- /tmp
|
||||
- /home/www-data
|
||||
cap_drop:
|
||||
- NET_RAW
|
||||
|
||||
nextcloud-aio-database:
|
||||
image: nextcloud/aio-postgresql:latest
|
||||
|
|
@ -68,6 +70,8 @@ services:
|
|||
read_only: true
|
||||
tmpfs:
|
||||
- /var/run/postgresql
|
||||
cap_drop:
|
||||
- NET_RAW
|
||||
|
||||
nextcloud-aio-nextcloud:
|
||||
depends_on:
|
||||
|
|
@ -149,6 +153,8 @@ services:
|
|||
restart: unless-stopped
|
||||
networks:
|
||||
- nextcloud-aio
|
||||
cap_drop:
|
||||
- NET_RAW
|
||||
|
||||
nextcloud-aio-notify-push:
|
||||
image: nextcloud/aio-notify-push:latest
|
||||
|
|
@ -170,6 +176,8 @@ services:
|
|||
networks:
|
||||
- nextcloud-aio
|
||||
read_only: true
|
||||
cap_drop:
|
||||
- NET_RAW
|
||||
|
||||
nextcloud-aio-redis:
|
||||
image: nextcloud/aio-redis:latest
|
||||
|
|
@ -185,6 +193,8 @@ services:
|
|||
networks:
|
||||
- nextcloud-aio
|
||||
read_only: true
|
||||
cap_drop:
|
||||
- NET_RAW
|
||||
|
||||
nextcloud-aio-collabora:
|
||||
image: nextcloud/aio-collabora:latest
|
||||
|
|
@ -205,6 +215,8 @@ services:
|
|||
- nextcloud-aio
|
||||
cap_add:
|
||||
- MKNOD
|
||||
cap_drop:
|
||||
- NET_RAW
|
||||
|
||||
nextcloud-aio-talk:
|
||||
image: nextcloud/aio-talk:latest
|
||||
|
|
@ -234,6 +246,8 @@ services:
|
|||
- /opt/eturnal/run
|
||||
- /conf
|
||||
- /tmp
|
||||
cap_drop:
|
||||
- NET_RAW
|
||||
|
||||
nextcloud-aio-talk-recording:
|
||||
image: nextcloud/aio-talk-recording:latest
|
||||
|
|
@ -255,6 +269,8 @@ services:
|
|||
tmpfs:
|
||||
- /tmp
|
||||
- /conf
|
||||
cap_drop:
|
||||
- NET_RAW
|
||||
|
||||
nextcloud-aio-clamav:
|
||||
image: nextcloud/aio-clamav:latest
|
||||
|
|
@ -276,6 +292,8 @@ services:
|
|||
- /var/lock
|
||||
- /var/log/clamav
|
||||
- /tmp
|
||||
cap_drop:
|
||||
- NET_RAW
|
||||
|
||||
nextcloud-aio-onlyoffice:
|
||||
image: nextcloud/aio-onlyoffice:latest
|
||||
|
|
@ -294,6 +312,8 @@ services:
|
|||
- onlyoffice
|
||||
networks:
|
||||
- nextcloud-aio
|
||||
cap_drop:
|
||||
- NET_RAW
|
||||
|
||||
nextcloud-aio-imaginary:
|
||||
image: nextcloud/aio-imaginary:latest
|
||||
|
|
@ -305,6 +325,8 @@ services:
|
|||
restart: unless-stopped
|
||||
cap_add:
|
||||
- SYS_NICE
|
||||
cap_drop:
|
||||
- NET_RAW
|
||||
profiles:
|
||||
- imaginary
|
||||
networks:
|
||||
|
|
@ -336,6 +358,8 @@ services:
|
|||
- fulltextsearch
|
||||
networks:
|
||||
- nextcloud-aio
|
||||
cap_drop:
|
||||
- NET_RAW
|
||||
|
||||
volumes:
|
||||
nextcloud_aio_apache:
|
||||
|
|
|
|||
|
|
@ -65,6 +65,9 @@
|
|||
"/usr/local/apache2/logs",
|
||||
"/tmp",
|
||||
"/home/www-data"
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
@ -112,6 +115,9 @@
|
|||
"read_only": true,
|
||||
"tmpfs": [
|
||||
"/var/run/postgresql"
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
@ -226,6 +232,9 @@
|
|||
],
|
||||
"networks": [
|
||||
"nextcloud-aio"
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
@ -263,7 +272,10 @@
|
|||
"networks": [
|
||||
"nextcloud-aio"
|
||||
],
|
||||
"read_only": true
|
||||
"read_only": true,
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
},
|
||||
{
|
||||
"container_name": "nextcloud-aio-redis",
|
||||
|
|
@ -295,7 +307,10 @@
|
|||
"networks": [
|
||||
"nextcloud-aio"
|
||||
],
|
||||
"read_only": true
|
||||
"read_only": true,
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
},
|
||||
{
|
||||
"container_name": "nextcloud-aio-collabora",
|
||||
|
|
@ -328,6 +343,9 @@
|
|||
],
|
||||
"cap_add": [
|
||||
"MKNOD"
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
@ -380,6 +398,9 @@
|
|||
"/opt/eturnal/run",
|
||||
"/conf",
|
||||
"/tmp"
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
@ -414,6 +435,9 @@
|
|||
"tmpfs": [
|
||||
"/tmp",
|
||||
"/conf"
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
@ -472,6 +496,9 @@
|
|||
"cap_add": [
|
||||
"SYS_ADMIN"
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
],
|
||||
"apparmor_unconfined": true,
|
||||
"read_only": true,
|
||||
"tmpfs": [
|
||||
|
|
@ -494,7 +521,10 @@
|
|||
"writeable": false
|
||||
}
|
||||
],
|
||||
"read_only": true
|
||||
"read_only": true,
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
},
|
||||
{
|
||||
"container_name": "nextcloud-aio-domaincheck",
|
||||
|
|
@ -521,6 +551,9 @@
|
|||
"tmpfs": [
|
||||
"/etc/lighttpd",
|
||||
"/var/www/domaincheck"
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
@ -556,6 +589,9 @@
|
|||
"/var/lock",
|
||||
"/var/log/clamav",
|
||||
"/tmp"
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
@ -594,6 +630,9 @@
|
|||
],
|
||||
"networks": [
|
||||
"nextcloud-aio"
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
@ -613,6 +652,9 @@
|
|||
"cap_add": [
|
||||
"SYS_NICE"
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
],
|
||||
"profiles": [
|
||||
"imaginary"
|
||||
],
|
||||
|
|
@ -662,6 +704,9 @@
|
|||
],
|
||||
"secrets": [
|
||||
"FULLTEXTSEARCH_PASSWORD"
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
@ -685,6 +730,9 @@
|
|||
"read_only": true,
|
||||
"tmpfs": [
|
||||
"/tmp"
|
||||
],
|
||||
"cap_drop": [
|
||||
"NET_RAW"
|
||||
]
|
||||
}
|
||||
]
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue