mirror/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-10-30 23:07:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update changelog

Browse Source
This commit is contained in:
Slavi Pantaleev
2019-01-28 15:57:57 +02:00
parent bf10331456
commit 9c09978ecd
1 changed files with 2 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGELOG.md
View File

@@ -4,13 +4,10 @@
To improve security, this playbook no longer starts container processes as the `root` user.
Usually, most containers were dropping privileges anyway, but by the time they do that, we were trusting them with `root` privileges.
Most containers were dropping privileges anyway, but we were trusting them with `root` privileges until they would do that.
Not anymore -- container processes now start as a non-root user (usually `matrix`) from the get-go.
The only images that we still start as `root` and trust to drop privileges are the optional bridge extensions (disabled by default):
- [tulir/mautrix-telegram](https://hub.docker.com/r/tulir/mautrix-telegram)
- [tulir/mautrix-whatsapp](https://hub.docker.com/r/tulir/mautrix-whatsapp)
For additional security, various [capabilities are also dropped](https://github.com/projectatomic/atomic-site/issues/203) for all containers.
## matrix-mailer is now based on Exim, not Postfix