github-mirror/project-nomad
1
0
Fork 0
mirror of https://github.com/Crosstalk-Solutions/project-nomad.git synced 2026-04-03 15:26:16 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(security): also disable Dozzle container actions

Browse Source 
Dozzle runs on port 9999 with no authentication. DOZZLE_ENABLE_ACTIONS
allows anyone on the LAN to stop/restart containers. NOMAD already
handles container management through its own admin UI.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Chris Sherwood 2026-03-14 20:43:38 -07:00 committed by Jake Turner
parent e2a34129c9
commit ddf08a6df8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
install/management_compose.yaml
View File

@ -51,7 +51,7 @@ services:
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock # Allows Dozzle to read logs from the Host's Docker daemon - /var/run/docker.sock:/var/run/docker.sock # Allows Dozzle to read logs from the Host's Docker daemon
environment: environment:
- DOZZLE_ENABLE_ACTIONS=true # Enables the action buttons (restart, stop, etc.) - DOZZLE_ENABLE_ACTIONS=false # Disabled — unauthenticated container stop/restart on LAN
- DOZZLE_ENABLE_SHELL=false # Disabled — shell access + Docker socket = privilege escalation - DOZZLE_ENABLE_SHELL=false # Disabled — shell access + Docker socket = privilege escalation
mysql: mysql:
image: mysql:8.0 image: mysql:8.0