vh/NetAlertX
1
0
Fork 0
mirror of https://github.com/jokob-sk/NetAlertX.git synced 2025-12-07 01:26:11 -08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
b0bd3c81913eeef0582e073a9e1463f0910220d8
NetAlertX/docs/docker-troubleshooting/read-only-filesystem.md
Adam Outler 8edef9e852 All errors have documentation links
2025-10-31 22:24:31 +00:00

1.2 KiB
Raw Blame History

Read-Only Filesystem Mode

Issue Description

The container is running as read-write instead of read-only mode. This reduces the security hardening of the appliance.

Security Ramifications

Read-only root filesystem is a security best practice that prevents malicious modifications to the container's filesystem. Running read-write allows potential attackers to modify system files or persist malware within the container.

Why You're Seeing This Issue

This occurs when the Docker configuration doesn't mount the root filesystem as read-only. The application is designed as a security appliance that should prevent filesystem modifications.

How to Correct the Issue

Enable read-only mode:

  • In docker-compose.yml, add: read_only: true
  • For docker run, use: --read-only
  • Ensure necessary directories are mounted as writable volumes (tmp, logs, etc.)

Additional Resources

Docker Compose setup can be complex. We recommend starting with the default docker-compose.yml as a base and modifying it incrementally.

For detailed Docker Compose configuration guidance, see: DOCKER_COMPOSE.md