docker-compose.yaml
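---
# Compose stack for an SFTP server. Both services use the same image
# (sftp-sftp) and share the ssh-config volume mounted at /etc/ssh.

volumes:
  ssh-config:
  sftp-data:

services:
  # Helper container, started only when the "config" profile is selected.
  # The empty entrypoint overrides the image's default entrypoint, so the
  # container runs whatever command the caller passes.
  # NOTE(review): unlike the sftp service below, this one has no cap_drop
  # and no no-new-privileges, so it keeps the runtime's default capability
  # set plus LINUX_IMMUTABLE while holding write access to /etc/ssh.
  # Consider `cap_drop: [ALL]` and no-new-privileges here as well, if the
  # config commands still work with only the three capabilities listed.
  config:
    image: sftp-sftp
    cap_add:
      - LINUX_IMMUTABLE
      - CHOWN
      - DAC_OVERRIDE
    profiles:
      - config
    volumes:
      - ssh-config:/etc/ssh
    entrypoint: ""

  # Long-running SFTP server, built from the Dockerfile in this directory.
  sftp:
    image: sftp-sftp
    build:
      context: ./
    restart: unless-stopped
    volumes:
      - ssh-config:/etc/ssh
      - sftp-data:/data
    ports:
      # Quoted so the mapping is always read as a string. No host address
      # is given, so by default the port is published on all interfaces.
      # NOTE(review): an unset SFTP_PORT is substituted with an empty
      # string; "${SFTP_PORT:?SFTP_PORT must be set}:2000" would fail fast.
      - "${SFTP_PORT}:2000"
    environment:
      # Names only: values come from the environment Compose runs in.
      # NOTE(review): if SFTP_USERS carries credentials they are visible
      # through container inspection - confirm against the image docs.
      - SFTP_KEYFILE_URL
      - SFTP_USERS
    labels:
      # Presumably read by a volume-backup tool to stop this container
      # while a backup runs - confirm against the tool in use.
      - "backup-volume.stop-during-backup=true"
    security_opt:
      # Blocks privilege gain through setuid/setgid binaries and file caps.
      - "no-new-privileges:true"
    # Start from an empty capability set and add back only what is listed.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SYS_CHROOT
      - AUDIT_WRITE
      - SETGID
      - SETUID
      - FOWNER
      - KILL
      ### Unused capabilities:
      # - AUDIT_CONTROL
      # - AUDIT_READ
      # - BLOCK_SUSPEND
      # - DAC_READ_SEARCH
      # - FSETID
      # - IPC_LOCK
      # - IPC_OWNER
      # - LEASE
      # - LINUX_IMMUTABLE
      # - MAC_ADMIN
      # - MAC_OVERRIDE
      # - MKNOD
      # - NET_ADMIN
      # - NET_BIND_SERVICE
      # - NET_BROADCAST
      # - NET_RAW
      # - SETFCAP
      # - SETPCAP
      # - SYS_ADMIN
      # - SYS_BOOT
      # - SYSLOG
      # - SYS_MODULE
      # - SYS_NICE
      # - SYS_PACCT
      # - SYS_PTRACE
      # - SYS_RAWIO
      # - SYS_RESOURCE
      # - SYS_TIME
      # - SYS_TTY_CONFIG
      # - WAKE_ALARM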