Commit c956b397 authored by mh's avatar mh
Browse files

run the container process as arbitrary user, but with the same GID as the hosting

parent a17066e8
...@@ -106,6 +106,8 @@ define webhosting::container( ...@@ -106,6 +106,8 @@ define webhosting::container(
}, },
}, },
run_flags => { run_flags => {
'userns' => 'keep-id',
'user' => '1000:GID',
'security-opt-label-type' => 'httpd_container_rw_content', 'security-opt-label-type' => 'httpd_container_rw_content',
}, },
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment