
Commit 80a91d7

authored
Merge pull request #27273 from sftim/20210328_restrict_privileges_local_preview
Run local container previews with minimal privileges
2 parents 11537e9 + 6214d89 commit 80a91d7


1 file changed

+1
-1
lines changed


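--- a/Makefile
+++ b/Makefile
@@ -68,7 +68,7 @@ container-build: module-check
 $(CONTAINER_RUN) --read-only --mount type=tmpfs,destination=/tmp,tmpfs-mode=01777 $(CONTAINER_IMAGE) sh -c "npm ci && hugo --minify"
 
 container-serve: module-check ## Boot the development server using container. Run `make container-image` before this.
-$(CONTAINER_RUN) --read-only --mount type=tmpfs,destination=/tmp,tmpfs-mode=01777 -p 1313:1313 $(CONTAINER_IMAGE) hugo server --buildFuture --bind 0.0.0.0 --destination /tmp/hugo --cleanDestinationDir
+$(CONTAINER_RUN) --cap-drop=ALL --cap-add=AUDIT_WRITE --read-only --mount type=tmpfs,destination=/tmp,tmpfs-mode=01777 -p 1313:1313 $(CONTAINER_IMAGE) hugo server --buildFuture --bind 0.0.0.0 --destination /tmp/hugo --cleanDestinationDir
 
 test-examples:
 scripts/test_examples.sh install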
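Review bot: The capability drop is applied only to `container-serve`; the `container-build` recipe on line 68 still runs with the engine's default capability set, and it is the one that executes `npm ci`, which can run install scripts shipped by third-party packages. Consider giving that recipe the same `--cap-drop=ALL` prefix, after confirming the build can still write its output to the mounted source tree (`CONTAINER_RUN` and its mounts are defined outside this hunk, so this is unverified here). On the new line, `--cap-add=AUDIT_WRITE` carries no stated reason; a comment above the target such as `# AUDIT_WRITE is kept because <reason>; every other capability is dropped` would keep it from being removed or widened later without thought. Adding `--security-opt=no-new-privileges` next to the capability flags would also stop setuid binaries in the image from regaining privilege inside the preview container.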
