docs icon indicating copy to clipboard operation
docs copied to clipboard

Published 20 hours ago verified publisher icon MobSF

docker.md: drop caps and set nonewpriv flag

Open disconnect3d opened this issue 1 year ago • 2 comments

This commit adds the --security-opt no-new-privileges:true --cap-drop=ALL flags to the docker run invocations so that the container runs with lower privileges and cannot gain more of them via suid binaries.

See also:

  • https://man7.org/linux/man-pages/man7/capabilities.7.html
  • https://www.kernel.org/doc/html/latest/userspace-api/no_new_privs.html

disconnect3d avatar Jul 26 '22 12:07 disconnect3d