Limited seccomp permissions for web-service

2025-04-29 05:39:26 +02:00 · 2022-12-30 13:03:15 +09:00 · 2022-12-30 13:03:15 +09:00 · ee5cd982c0
commit ee5cd982c0
parent 7616584e2b
17 changed files with 1567 additions and 32 deletions
--- a/docker-compose_v3_alpine_mysql_latest.yaml
+++ b/docker-compose_v3_alpine_mysql_latest.yaml
@ -390,8 +390,8 @@ services:
   - "10053:10053"
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
-  cap_add:
+  security_opt:
-   - SYS_ADMIN
+   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_alpine_mysql_local.yaml
+++ b/docker-compose_v3_alpine_mysql_local.yaml
@ -484,8 +484,8 @@ services:
   - "10053:10053"
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
-  cap_add:
+  security_opt:
-   - SYS_ADMIN
+   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@ -385,8 +385,8 @@ services:
   - "10053:10053"
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
-  cap_add:
+  security_opt:
-   - SYS_ADMIN
+   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_alpine_pgsql_local.yaml
+++ b/docker-compose_v3_alpine_pgsql_local.yaml
@ -490,8 +490,8 @@ services:
   - "10053:10053"
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
-  cap_add:
+  security_opt:
-   - SYS_ADMIN
+   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_centos_mysql_latest.yaml
+++ b/docker-compose_v3_centos_mysql_latest.yaml
@ -388,10 +388,10 @@ services:
   - all
  ports:
   - "10053:10053"
  cap_add:
   - SYS_ADMIN
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
  security_opt:
   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_centos_mysql_local.yaml
+++ b/docker-compose_v3_centos_mysql_local.yaml
@ -482,8 +482,8 @@ services:
   - "10053:10053"
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
-  cap_add:
+  security_opt:
-   - SYS_ADMIN
+   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_centos_pgsql_latest.yaml
+++ b/docker-compose_v3_centos_pgsql_latest.yaml
@ -385,8 +385,8 @@ services:
   - "10053:10053"
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
-  cap_add:
+  security_opt:
-   - SYS_ADMIN
+   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_centos_pgsql_local.yaml
+++ b/docker-compose_v3_centos_pgsql_local.yaml
@ -490,8 +490,8 @@ services:
   - "10053:10053"
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
-  cap_add:
+  security_opt:
-   - SYS_ADMIN
+   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_ol_mysql_latest.yaml
+++ b/docker-compose_v3_ol_mysql_latest.yaml
@ -388,10 +388,10 @@ services:
   - all
  ports:
   - "10053:10053"
  cap_add:
   - SYS_ADMIN
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
  security_opt:
   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_ol_mysql_local.yaml
+++ b/docker-compose_v3_ol_mysql_local.yaml
@ -482,8 +482,8 @@ services:
   - "10053:10053"
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
-  cap_add:
+  security_opt:
-   - SYS_ADMIN
+   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_ol_pgsql_latest.yaml
+++ b/docker-compose_v3_ol_pgsql_latest.yaml
@ -385,8 +385,8 @@ services:
   - "10053:10053"
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
-  cap_add:
+  security_opt:
-   - SYS_ADMIN
+   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_ol_pgsql_local.yaml
+++ b/docker-compose_v3_ol_pgsql_local.yaml
@ -490,8 +490,8 @@ services:
   - "10053:10053"
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
-  cap_add:
+  security_opt:
-   - SYS_ADMIN
+   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_ubuntu_mysql_latest.yaml
+++ b/docker-compose_v3_ubuntu_mysql_latest.yaml
@ -382,8 +382,8 @@ services:
   - "10053:10053"
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
-  cap_add:
+  security_opt:
-   - SYS_ADMIN
+   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_ubuntu_mysql_local.yaml
+++ b/docker-compose_v3_ubuntu_mysql_local.yaml
@ -476,8 +476,8 @@ services:
   - "10053:10053"
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
-  cap_add:
+  security_opt:
-   - SYS_ADMIN
+   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_ubuntu_pgsql_latest.yaml
+++ b/docker-compose_v3_ubuntu_pgsql_latest.yaml
@ -379,8 +379,8 @@ services:
   - "10053:10053"
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
-  cap_add:
+  security_opt:
-   - SYS_ADMIN
+   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/docker-compose_v3_ubuntu_pgsql_local.yaml
+++ b/docker-compose_v3_ubuntu_pgsql_local.yaml
@ -484,8 +484,8 @@ services:
   - "10053:10053"
  volumes:
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
-  cap_add:
+  security_opt:
-   - SYS_ADMIN
+   - seccomp:./env_vars/chrome_dp.json
  deploy:
   resources:
    limits:
--- a/env_vars/chrome_dp.json
+++ b/env_vars/chrome_dp.json