From 48c8e9d14b0e8d51d18c358daa872396bf4c79cd Mon Sep 17 00:00:00 2001 From: Basti Date: Fri, 26 Feb 2021 16:33:11 +0100 Subject: [PATCH] Update docker-compose security features (#208) Co-authored-by: Sebastian Forst --- docker-compose.yml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 33a65b2..3f48604 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,9 +1,26 @@ -version: "3" +# cant use mem_limit in a 3.x docker-compose file in non swarm mode +# see https://github.com/docker/compose/issues/4513 +version: "2.4" services: whoogle-search: image: benbusby/whoogle-search container_name: whoogle-search + restart: on-failure:5 + pids_limit: 50 + mem_limit: 256mb + memswap_limit: 256mb + # user debian-tor from tor package + user: '102' + security_opt: + - no-new-privileges + cap_drop: + - ALL + read_only: true + tmpfs: + - /config/:size=10M,uid=102,gid=102,mode=1700 + - /var/lib/tor/:size=10M,uid=102,gid=102,mode=1700 + - /run/tor/:size=1M,uid=102,gid=102,mode=1700 #environment: # Uncomment to configure environment variables # Basic auth configuration, uncomment to enable #- WHOOGLE_USER=
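Review bot: The hard-coded `102` in `user:` and in the three `tmpfs` entries is only right while the image's tor package keeps giving debian-tor that UID, and the context line `image: benbusby/whoogle-search` has no tag or digest, so the image can change underneath this file. If the UID moves, the container would presumably run as an account that does not own the tor files shipped in the image, with nothing in the compose file to point at the cause. I would widen the existing comment to `# UID/GID 102 = debian-tor in the image; re-check after every image update (also used in the tmpfs options below)` and pin the image to a specific tag or digest. Separately, `mode=1700` sets the sticky bit on directories only their owner can enter; `mode=0700` would state the intent more plainly unless the sticky bit is needed. The `whoogle-search` service definition continues past the end of the hunk.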