Skip to content

Commit 45efae9

Browse files
author
peruna
committed
Fix Mongo hardening for CI by restoring required capabilities
1 parent 3c50687 commit 45efae9

1 file changed

Lines changed: 6 additions & 1 deletion

File tree

compose.hardening.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,12 @@ services:
7474
<<: *harden
7575
mem_limit: "2g"
7676
cpus: "1.5"
77-
user: "999:999" # run as mongodb user
77+
# Keep default image user so entrypoint can read root-owned Docker secrets
78+
# (MONGO_INITDB_*_FILE) before dropping privileges.
79+
cap_add:
80+
- CHOWN
81+
- SETGID
82+
- SETUID
7883

7984
meilisearch:
8085
<<: *harden

0 commit comments

Comments
 (0)