Who knows...
This commit is contained in:
8
harden
8
harden
@@ -7,7 +7,7 @@
|
||||
# Using set to make the script safer
|
||||
set -e # Exit on error
|
||||
set -u # Exit on undefined variable
|
||||
set -x # Print commands for debugging
|
||||
# set -x # Print commands for debugging
|
||||
set -a # Export all variables
|
||||
set -C # Disable overwriting of files
|
||||
set -o pipefail # Exit on pipe error
|
||||
@@ -325,9 +325,9 @@ EOF
|
||||
# The runsc option --network=host and --ignore-cgroups=true will help with running runsc
|
||||
# with rootless docker without much hassle
|
||||
sudo runuser - secdep -c 'mkdir -p /home/secdep/.config/docker'
|
||||
# "icc": false to disable inter-container communication, does not work without br_netfilter module loaded
|
||||
# and it is sometimes prohibited by the hosting provider
|
||||
# so we'll leave it out
|
||||
# "icc": false to disable inter-container communication, does not work without br_netfilter module loaded
|
||||
# and it is sometimes prohibited by the hosting provider
|
||||
# so we'll leave it out of the daemon config
|
||||
DOCKERD_CONFIG=$(cat <<'EOF'
|
||||
{
|
||||
"no-new-privileges": true,
|
||||
|
||||
Reference in New Issue
Block a user