coryHawkvelt
/
docker-bind
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Locked down permissions for /etc/bind to absolutely needed ones, while still making sure mapped volumes have the needed permissions to start the container

This commit is contained in:
Ventz Petkov 2020-05-12 02:04:44 -04:00
parent b2983bd53f
commit d8691b7076
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
container/entrypoint.sh
View File

@ -5,8 +5,8 @@ OPTIONS=$@
# The first time around, it will not be owned by named:named, and thus it won't be writable # The first time around, it will not be owned by named:named, and thus it won't be writable
chown -R root:named /etc/bind /var/run/named chown -R root:named /etc/bind /var/run/named
chown -R named:named /var/cache/bind chown -R named:named /var/cache/bind
chmod 770 /var/cache/bind /var/run/named chmod -R 770 /etc/bind /var/cache/bind /var/run/named
chmod -R 750 /etc/bind find /etc/bind /var/cache/bind -type f -exec chmod 640 -- {} +
# By default - run in foreground and log to STDERR (console) # By default - run in foreground and log to STDERR (console)
# can be changed by running container with: -e "BIND_LOG=-f" # can be changed by running container with: -e "BIND_LOG=-f"
exec /usr/sbin/named -c /etc/bind/named.conf $BIND_LOG -u named $OPTIONS exec /usr/sbin/named -c /etc/bind/named.conf $BIND_LOG -u named $OPTIONS