nextcloud/all-in-one
1
1
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-01-24 06:29:19 +08:00
Code Issues Projects Releases Packages Wiki Activity

drop NET_RAW from all containers

Browse source 
Signed-off-by: Simon L <szaimen@e.mail.de>
This commit is contained in:
Simon L 2023-09-19 21:26:11 +02:00
parent 133a7500f9
commit bcced0b176
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
php/src/Docker/DockerActionManager.php
View file

@ -476,6 +476,9 @@ class DockerActionManager
$requestBody['HostConfig']['CapAdd'] = $capAdds;
}
// Disable arp spoofing
$requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];
if ($container->isApparmorUnconfined()) {
$requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
}