Who knows...
8
harden
8
harden
@@ -7,7 +7,7 @@
|
|||||||
# Using set to make the script safer
|
# Using set to make the script safer
|
||||||
set -e # Exit on error
|
set -e # Exit on error
|
||||||
set -u # Exit on undefined variable
|
set -u # Exit on undefined variable
|
||||||
set -x # Print commands for debugging
|
# set -x # Print commands for debugging
|
||||||
set -a # Export all variables
|
set -a # Export all variables
|
||||||
set -C # Disable overwriting of files
|
set -C # Disable overwriting of files
|
||||||
set -o pipefail # Exit on pipe error
|
set -o pipefail # Exit on pipe error
|
||||||
@@ -325,9 +325,9 @@ EOF
|
|||||||
# The runsc option --network=host and --ignore-cgroups=true will help with running runsc
|
# The runsc option --network=host and --ignore-cgroups=true will help with running runsc
|
||||||
# with rootless docker without much hassle
|
# with rootless docker without much hassle
|
||||||
sudo runuser - secdep -c 'mkdir -p /home/secdep/.config/docker'
|
sudo runuser - secdep -c 'mkdir -p /home/secdep/.config/docker'
|
||||||
# "icc": false to disable inter-container communication, does not work without br_netfilter module loaded
|
# "icc": false to disable inter-container communication, does not work without br_netfilter module loaded
|
||||||
# and it is sometimes prohibited by the hosting provider
|
# and it is sometimes prohibited by the hosting provider
|
||||||
# so we'll leave it out
|
# so we'll leave it out of the daemon config
|
||||||
DOCKERD_CONFIG=$(cat <<'EOF'
|
DOCKERD_CONFIG=$(cat <<'EOF'
|
||||||
{
|
{
|
||||||
"no-new-privileges": true,
|
"no-new-privileges": true,
|
||||||
|
|||||||
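Review bot: In the first hunk (`@@ -7,7 +7,7 @@`) `set -a` stays enabled, so every variable the script assigns afterwards, `DOCKERD_CONFIG` in the second hunk included, is exported into the environment of the child processes it starts. The rest of the script is outside this view, so whether any of those variables hold credentials or tokens cannot be confirmed from here. If any do, drop `set -a` and mark only the variables a child actually needs with an explicit `export NAME`. The trace line would also read better as an opt-in than as commented-out code, for example `if [ "${SECDEP_DEBUG:-0}" = 1 ]; then set -x; fi` (the variable name is a suggestion), with a comment that xtrace writes fully expanded command lines, secret values included, to stderr and therefore to any captured provisioning log.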