kuanhulio e25622dac2 harden docker-compose.yml (#760) ...

`user: nobody`: the least privileged account.
`read_only: true`: this container doesn't write anything to the filesystem, this removes a vector.
`security_opt`: disallows the container to grab more privileges.
`cap_drop`: this container doesn't need any capabilities, drop them.
`networks`: put `libreddit` into its own network so it cannot see other containers by default.

2023-03-17 10:17:01 -06:00

442 B

Raw Blame History

View Raw