mirror of
https://github.com/tommytran732/Vaultwarden-Docker-Compose
synced 2024-11-25 13:31:33 -05:00
Run postgres unprivileged
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
50f860913c
commit
3cef449bea
@ -53,15 +53,14 @@ services:
|
|||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- vaultwarden
|
- vaultwarden
|
||||||
|
user: "70:70"
|
||||||
|
read_only: true
|
||||||
|
tmpfs:
|
||||||
|
- /var/run/postgresql:size=50M,mode=0770,uid=70,gid=70,noexec,nosuid,nodev
|
||||||
security_opt:
|
security_opt:
|
||||||
- no-new-privileges:true
|
- no-new-privileges:true
|
||||||
cap_drop:
|
cap_drop:
|
||||||
- ALL
|
- ALL
|
||||||
cap_add:
|
|
||||||
- CHOWN
|
|
||||||
- DAC_READ_SEARCH
|
|
||||||
- SETGID
|
|
||||||
- SETUID
|
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
postgres:
|
postgres:
|
||||||
|
Loading…
Reference in New Issue
Block a user