The docker compose in the readme recommends setting 2 suspicious values:

```yaml
    privileged: true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
```
As far as I can tell from the code, there isn't any need to have privileged mode enabled, nor is there any advantage of having the /var/run/docker.sock bind mount inside the container. There are only security risks if the container gets compromised.
Is there something I'm not seeing? Or could these values be made more secure?
```yaml
---
services:
  lab-dash:
    container_name: lab-dash
    image: ghcr.io/anthonygress/lab-dash:latest
    privileged: true
    #network_mode: host # for monitoring network usage stats. run `sudo ufw allow 2022/tcp` on ubuntu to allow access through firewall
    ports:
      - 2022:2022
    environment:
      - SECRET=YOUR_SECRET_KEY # any random string, used for encryption.
                               # You can run `openssl rand -base64 32` to generate a key
    volumes:
      - /sys:/sys:ro
      - /docker/lab-dash/config:/config
      - /docker/lab-dash/uploads:/app/public/uploads
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
```
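A small audit check for the two settings questioned above, as an added example that is not part of the original issue or of the lab-dash project. The function name `audit_compose` and the finding labels are hypothetical, the sample input is constructed from the compose file quoted in the issue, and the scan assumes block-style YAML rather than using a full YAML parser.

```python
import re

# Both paths reach the same daemon socket on most hosts (/var/run -> /run).
SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}

# Constructed sample, trimmed from the compose file quoted in the issue.
SAMPLE_COMPOSE = """\
---
services:
  lab-dash:
    image: ghcr.io/anthonygress/lab-dash:latest
    privileged: true
    #network_mode: host # commented out, so it must not be reported
    volumes:
      - /sys:/sys:ro
      - /docker/lab-dash/config:/config
      - /var/run/docker.sock:/var/run/docker.sock
"""

def audit_compose(text):
    """Return (service, finding) tuples for risky settings in a compose file."""
    findings, service, svc_indent, in_services = [], None, None, False
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop YAML comments
        if not line.strip():
            continue
        indent, item = len(line) - len(line.lstrip()), line.strip()
        if indent == 0:  # top-level key: only `services:` is scanned
            in_services, service, svc_indent = item == "services:", None, None
        elif not in_services:
            continue
        elif svc_indent is None or indent <= svc_indent:  # a service name
            service, svc_indent = item.rstrip(":"), indent
        elif re.fullmatch(r"privileged:\s*['\"]?true['\"]?", item, re.I):
            findings.append((service, "privileged"))
        elif re.fullmatch(r"network_mode:\s*['\"]?host['\"]?", item):
            findings.append((service, "host-network"))
        else:
            # Host side of a short-form volume, or `source:` in long form.
            # A `:ro` suffix is ignored on purpose: a read-only bind mount
            # does not restrict Docker API requests sent over the socket.
            m = re.match(r"(?:-\s*(?:source:\s*)?|source:\s*)['\"]?([^:'\"\s]+)", item)
            if m and m.group(1) in SOCKETS:
                findings.append((service, "docker-socket"))
    return findings

if __name__ == "__main__":
    for svc, finding in audit_compose(SAMPLE_COMPOSE):
        print(f"{svc}: {finding}")
```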