finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make mautrix-whatsapp run as non-root and w/o capabilities

Browse Source
This commit is contained in:
Slavi Pantaleev
2019-01-28 15:55:58 +02:00
parent 8a3f942d93
commit bf10331456
3 changed files with 27 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
roles/matrix-synapse/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2
View File

@ -11,10 +11,13 @@ ExecStartPre=-/usr/bin/docker kill matrix-mautrix-whatsapp
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-whatsapp
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
--log-driver=none \
-e "UID={{ matrix_user_uid }}" -e "GID={{ matrix_user_gid }}" \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_mautrix_whatsapp_base_path }}:/data:z \
{{ matrix_mautrix_whatsapp_docker_image }}
--workdir=/data \
{{ matrix_mautrix_whatsapp_docker_image }} \
/usr/bin/mautrix-whatsapp
ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp
ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp
Restart=always