finallycoffee/matrix-docker-ansible-deploy
finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Restrict permissions of container

Browse Source
This commit is contained in:
Julian-Samuel Gebühr 2022-07-09 13:44:41 +02:00
parent bcd7ec714b
commit 05c1333ebb
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2
View File

@ -18,9 +18,9 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }}
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \
--log-driver=none \ --log-driver=none \
-e UID={{ matrix_user_uid }} \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-e GID={{ matrix_user_gid }} \
--read-only \ --read-only \
--cap-drop=ALL \
-v {{ matrix_bot_maubot_data_path }}:/data:z \ -v {{ matrix_bot_maubot_data_path }}:/data:z \
{% for arg in matrix_bot_maubot_container_extra_arguments %} {% for arg in matrix_bot_maubot_container_extra_arguments %}
{{ arg }} \ {{ arg }} \