mirror of
https://github.com/jokob-sk/NetAlertX.git
synced 2026-03-30 23:03:03 -07:00
38 lines
1010 B
YAML
38 lines
1010 B
YAML
# Expected outcome: Priming fails without CAP_CHOWN when caps are fully dropped
|
|
# - Container should exit fatally during priming
|
|
# - Logs must explain CAP_CHOWN requirement and link to troubleshooting docs
|
|
services:
|
|
netalertx:
|
|
network_mode: host
|
|
build:
|
|
context: ../../../
|
|
dockerfile: Dockerfile
|
|
image: netalertx-test
|
|
container_name: netalertx-test-mount-cap_chown_missing
|
|
cap_drop:
|
|
- CHOWN
|
|
cap_add:
|
|
- SETUID
|
|
- SETGID
|
|
- NET_RAW
|
|
- NET_ADMIN
|
|
# Intentionally drop CHOWN to prove failure path while leaving defaults intact
|
|
environment:
|
|
LISTEN_ADDR: 0.0.0.0
|
|
PORT: 9999
|
|
APP_CONF_OVERRIDE: 20212
|
|
ALWAYS_FRESH_INSTALL: true
|
|
NETALERTX_DEBUG: 0
|
|
PUID: 20211
|
|
PGID: 20211
|
|
|
|
volumes:
|
|
- type: volume
|
|
source: test_netalertx_data
|
|
target: /data
|
|
read_only: false
|
|
tmpfs:
|
|
- "/tmp:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
|
volumes:
|
|
test_netalertx_data:
|