You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+2-5Lines changed: 2 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -58,7 +58,6 @@ The architectures supported by this image are:
58
58
59
59
The application can be accessed at:
60
60
61
-
*http://yourhost:3000/
62
61
*https://yourhost:3001/
63
62
64
63
### Strict reverse proxies
@@ -79,6 +78,8 @@ By default, this container has no authentication. The optional `CUSTOM_USER` and
79
78
80
79
The web interface includes a terminal with passwordless `sudo` access. Any user with access to the GUI can gain root control within the container, install arbitrary software, and probe your local network.
81
80
81
+
While not generally recommended, certain legacy environments specifically those with older hardware or outdated Linux distributions may require the deactivation of the standard seccomp profile to get containerized desktop software to run. This can be achieved by utilizing the `--security-opt seccomp=unconfined` parameter. It is critical to use this option only when absolutely necessary as it disables a key security layer of Docker, elevating the potential for container escape vulnerabilities.
82
+
82
83
### Options in all Selkies-based GUI containers
83
84
84
85
This container is based on [Docker Baseimage Selkies](https://github.com/linuxserver/docker-baseimage-selkies), which provides the following environment variables and run configurations to customize its functionality.
@@ -223,8 +224,6 @@ services:
223
224
container_name: mullvad-browser
224
225
cap_add:
225
226
- NET_ADMIN
226
-
security_opt:
227
-
- seccomp:unconfined #optional
228
227
environment:
229
228
- PUID=1000
230
229
- PGID=1000
@@ -245,7 +244,6 @@ services:
245
244
docker run -d \
246
245
--name=mullvad-browser \
247
246
--cap-add=NET_ADMIN \
248
-
--security-opt seccomp=unconfined `#optional` \
249
247
-e PUID=1000 \
250
248
-e PGID=1000 \
251
249
-e TZ=Etc/UTC \
@@ -272,7 +270,6 @@ Containers are configured using parameters passed at runtime (such as those abov
272
270
|`-e LOCAL_NET=192.168.0.0/16`| If using a VPN, set this to your local LAN IP range using CIDR notation. Without it you will be unable to access the web interface. If you have multiple ranges or a complex LAN setup you will need to manage this yourself in the wg0.conf, see the App Setup section for details. |
273
271
|`-v /config`| Users home directory in the container, stores local files and settings |
274
272
|`--shm-size=`| This is needed for any modern website to function like youtube. |
275
-
|`--security-opt seccomp=unconfined`| For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker. |
276
273
|`--cap-add=NET_ADMIN`| Neccessary for Wireguard to create its VPN interface. |
Copy file name to clipboardExpand all lines: readme-vars.yml
-4Lines changed: 0 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -29,9 +29,6 @@ cap_add_param_vars:
29
29
opt_param_usage_include_env: true
30
30
opt_param_env_vars:
31
31
- {env_var: "LOCAL_NET", env_value: "192.168.0.0/16", desc: "If using a VPN, set this to your local LAN IP range using CIDR notation. Without it you will be unable to access the web interface. If you have multiple ranges or a complex LAN setup you will need to manage this yourself in the wg0.conf, see the App Setup section for details."}
32
-
opt_security_opt_param: true
33
-
opt_security_opt_param_vars:
34
-
- {run_var: "seccomp=unconfined", compose_var: "seccomp:unconfined", desc: "For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker."}
0 commit comments