improve docker security (#1375)

motivation: more secure ci setup

changes:
* enable :z selinux flag on bind mounts so we can enable selinux on ci
* drop potentially exploitable capabilities from docker-compose
tomer doron 2020-01-31 23:40:06 -08:00 committed by GitHub
parent b4483e5c49
commit 25583d5ad8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions


@ -16,8 +16,11 @@ services:
depends_on: [runtime-setup]
volumes:
- ~/.ssh:/root/.ssh
- ..:/code
- ..:/code:z
working_dir: /code
cap_drop:
- CAP_NET_RAW
- CAP_NET_BIND_SERVICE
sanity:
<<: *common
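Review bot: the two bind mounts in this hunk end up with inconsistent SELinux handling: `..:/code` gains `:z`, but `~/.ssh:/root/.ssh` on the line above it does not, so once SELinux is enforcing on the CI host (the stated motivation) the container will be denied access to the SSH directory while the code mount works, and the failure will only show up as a permission error at ssh time. Either give that mount the same treatment (`- ~/.ssh:/root/.ssh:ro,z` would also make it read-only, since nothing in CI should write keys) or state in the compose file why it is intentionally left unlabeled. Two related caveats worth a comment in the file: `:z` relabels the host directory itself (here the whole checkout, i.e. `..`) as a shared container label rather than the container's private one, which is a host-side side effect on any runner that reuses the checkout; and the `cap_drop` list is added to the `common` anchor that `sanity:` and the other services inherit via `<<: *common`, so it applies to every service. Dropping `CAP_NET_RAW` and `CAP_NET_BIND_SERVICE` is a reasonable start, but consider `cap_drop: [ALL]` followed by an explicit `cap_add:` of whatever the build actually needs, which is easier to audit than an allow-by-default list with two exceptions.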