Think about switching some containers to readonlyrootfs #2506

Closed
17 of 18 tasks
szaimen opened this issue May 4, 2023 · 7 comments
Labels
2. developing Work in progress enhancement New feature or request help wanted Extra attention is needed overview Overview of other issues security Security issues

Comments

@szaimen
Collaborator

szaimen commented May 4, 2023

In order to improve the security.

Important:
All locations where tmpfs are mounted need to have 777 applied beforehand (if running as non-root user). Otherwise it will not work.

Possible:

@szaimen szaimen added 1. to develop Accepted and waiting to be taken care of enhancement New feature or request help wanted Extra attention is needed labels May 4, 2023
@szaimen szaimen added 2. developing Work in progress and removed 1. to develop Accepted and waiting to be taken care of labels Jun 3, 2023
@szaimen szaimen added the security Security issues label Jun 6, 2023
@szaimen szaimen modified the milestones: next, v6.1.0 Jun 6, 2023
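A pre-flight check for the tmpfs note in the opening comment, as an added example that is not code from this project: it flags services without a read-only root filesystem and, for read-only services running as a non-root user, tmpfs targets whose directory in the image is not mode 777. It assumes the image has been unpacked to a directory (for instance from `docker export`) and that services use the Compose keys `read_only`, `user` and `tmpfs`; the function names, service names and sample rootfs are constructed.

```python
import os
import stat
import tempfile

def audit_service(name, service, rootfs):
    """Check one Compose-style service dict against an unpacked image rootfs."""
    if not service.get("read_only", False):
        return [f"{name}: root filesystem is writable (read_only not set)"]
    findings = []
    # Assumption: the runtime user is the one given in the service definition.
    user = str(service.get("user", "root")).split(":")[0]
    non_root = user not in ("root", "0")
    tmpfs = service.get("tmpfs", [])
    if isinstance(tmpfs, str):  # Compose also accepts a single string
        tmpfs = [tmpfs]
    for entry in tmpfs:
        path = entry.split(":", 1)[0]  # drop mount options such as size=
        target = os.path.join(rootfs, path.lstrip("/"))
        if not os.path.isdir(target):
            findings.append(f"{name}: tmpfs target {path} does not exist in the image")
            continue
        # Permission bits only, so 1777 (sticky) counts as 777.
        mode = stat.S_IMODE(os.stat(target).st_mode) & 0o777
        if non_root and mode != 0o777:
            findings.append(f"{name}: {path} is {mode:03o}, needs 777 for user {user}")
    return findings

def build_sample_rootfs(base):
    """Constructed sample rootfs: /tmp prepared with 777, /run left at 755."""
    for path, mode in (("tmp", 0o777), ("run", 0o755)):
        full = os.path.join(base, path)
        os.mkdir(full)
        os.chmod(full, mode)  # explicit chmod, since mkdir's mode is subject to umask
    return base

# Constructed service definitions, not taken from the project's compose files.
SAMPLE_SERVICES = {
    "cache": {"read_only": True, "user": "999", "tmpfs": ["/tmp", "/run:size=16m"]},
    "worker": {"read_only": True, "tmpfs": "/run"},
    "legacy": {"user": "1000"},
}

def audit_sample():
    with tempfile.TemporaryDirectory() as base:
        rootfs = build_sample_rootfs(base)
        return [f for n, s in SAMPLE_SERVICES.items() for f in audit_service(n, s, rootfs)]

if __name__ == "__main__":
    print("\n".join(audit_sample()))
```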
@szaimen
Collaborator Author

szaimen commented Jun 6, 2023

Redis is now read-only, which is released with v6.1.0 Beta. Testing and feedback are welcome! See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel

@szaimen
Collaborator Author

szaimen commented Jun 19, 2023

Borg, imaginary, watchtower and clamav are now also read-only, which is released with v6.2.0 Beta. Testing and feedback are welcome! See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel

@szaimen
Collaborator Author

szaimen commented Jul 14, 2023

Apache, domaincheck, postgresql, talk and talk-recording are now also read-only, which is released with v6.3.0 Beta. Testing and feedback are welcome! See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel

@sriccio

sriccio commented Jul 16, 2023

Hmm, by curiosity, what's the goal for the containers to be read only? What are the advantages for this?

@sriccio

sriccio commented Jul 17, 2023

Hello @szaimen,

Oh, thanks for the link. Sounds great indeed.

Kind regards

@szaimen
Collaborator Author

szaimen commented Aug 10, 2023

Mastercontainer will be done in #3137

@szaimen szaimen closed this as completed Aug 10, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 25, 2023