cfg/templates at 11f9957c110304b35979faea2d00bad801c0d629 - cfg

History

Dustin be1042cda7 nut: Do not run as privileged container The only privilege NUT needs is access to the USB device nodes. Using a device CGroup rule to allow this is significantly better than disabling all restrictions. Especially since I discovered that `--privileged` implies `--security-opt label=disable`, effectively disabling SELinux confinement of the container.	2024-01-14 19:24:55 -06:00
..
common	nut: Apply udev rules on the host	2024-01-14 19:24:55 -06:00
nut	nut: Do not run as privileged container	2024-01-14 19:24:55 -06:00

Dustin be1042cda7 nut: Do not run as privileged container

The only privilege NUT needs is access to the USB device nodes.  Using a
device CGroup rule to allow this is significantly better than disabling
all restrictions.  Especially since I discovered that `--privileged`
implies `--security-opt label=disable`, effectively disabling SELinux
confinement of the container.

2024-01-14 19:24:55 -06:00

common

nut: Apply udev rules on the host

2024-01-14 19:24:55 -06:00

nut

nut: Do not run as privileged container

2024-01-14 19:24:55 -06:00