Docker Security Overhaul: Dropping capabilities #41

@josecelano

Remove capabilities from services with:

    cap_drop:
      - ALL

For example:

    # docker-compose.yaml
    version: "3.8"

    services:
      db:
        image: mysql:latest
        container_name: db
        env_file:
          - .env
        restart: unless-stopped
        privileged: false
        user: "1000:1000"
        cap_drop:
          - ALL
        ports:
          - "3306:3306"
        volumes:
          - ./tmp:/tmp
          - ./mysqld:/var/run/mysqld/
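
To check that `cap_drop: ALL` took effect, the capability masks in `/proc/<pid>/status` of the container's process can be decoded. The following is an added example, not code from this issue or the project; the sample status text is constructed, and `00000000a80425fb` is assumed to be the bounding set left by Docker's default capability list when only `user:` is set.

```python
import re

# Linux capability names indexed by bit number (linux/capability.h).
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON
BPF CHECKPOINT_RESTORE""".split()

def parse_cap_sets(status_text):
    """Return {'CapInh': int, 'CapPrm': int, ...} from /proc/<pid>/status text."""
    pattern = r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, status_text, re.M)}

def decode(mask):
    """Names of the capabilities set in a mask; unknown bits become BIT_n."""
    return [CAP_NAMES[b] if b < len(CAP_NAMES) else f"BIT_{b}"
            for b in range(mask.bit_length()) if mask >> b & 1]

def remaining_caps(status_text):
    """Capabilities still held or regainable: non-empty Prm, Eff, Bnd or Amb."""
    sets = parse_cap_sets(status_text)
    return {name: decode(sets[name])
            for name in ("CapPrm", "CapEff", "CapBnd", "CapAmb") if sets.get(name)}

# Constructed sample: non-root user (1000:1000) but no cap_drop. The process
# holds nothing, yet the bounding set still allows the default capabilities.
NON_ROOT_ONLY = """\
Name:\tmysqld
Uid:\t1000\t1000\t1000\t1000
CapInh:\t0000000000000000
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t00000000a80425fb
CapAmb:\t0000000000000000
"""
# Constructed sample: same service with cap_drop: [ALL]; every set is empty.
DROP_ALL = NON_ROOT_ONLY.replace("00000000a80425fb", "0000000000000000")

if __name__ == "__main__":
    import sys
    # Pass a saved copy of /proc/<pid>/status, or run on the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else NON_ROOT_ONLY
    for cap_set, names in remaining_caps(text).items():
        print(cap_set, ", ".join(names))
```

An empty result means no capability is held or left in the bounding set; a non-empty `CapBnd` with empty `CapEff` shows a service that runs as non-root but has not had its capabilities dropped.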

Labels: - Admin - (Enjoyable to Install and Setup our Software), Security (Publicly Connected to Security)
