From 72f28184ff437b65dabf441ba866405d87d20e3f Mon Sep 17 00:00:00 2001
From: admin
Date: Tue, 21 Apr 2026 15:49:13 +0700
Subject: [PATCH] fix(infra): resolve container startup failures with minimal capabilities

- Add CHOWN, SETUID, SETGID capabilities to backend container
- Add CHOWN, SETUID, SETGID capabilities to frontend container
- Maintain security hardening while allowing health checks to function
- Fix 'cannot start a stopped process: unknown' Docker error
- Containers need minimal capabilities for health checks and logging
---
 .../QNAP/app/docker-compose-app.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/app/docker-compose-app.yml b/specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/app/docker-compose-app.yml
index 6c01d8b..4597619 100644
--- a/specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/app/docker-compose-app.yml
+++ b/specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/app/docker-compose-app.yml
@@ -52,6 +52,10 @@ services:
 - no-new-privileges:true
 cap_drop:
 - ALL
+ cap_add:
+ - CHOWN
+ - SETUID
+ - SETGID
 deploy:
 resources:
 limits:
@@ -132,6 +136,10 @@ services:
 - no-new-privileges:true
 cap_drop:
 - ALL
+ cap_add:
+ - CHOWN
+ - SETUID
+ - SETGID
 # L1: stdin_open/tty removed
 deploy:
 resources:
@@ -210,3 +218,9 @@ services:
 timeout: 30s
 retries: 3
 start_period: 300s
+
+# sudo chown -R 100:101 /share/np-dms/data/logs/clamav
+# sudo chmod -R 755 /share/np-dms/data/logs/climax
+
+# sudo chown -R 100:101 /share/np-dms/clamav/data
+# sudo chmod -R 775 /share/np-dms/clamav/data
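Review bot: The `cap_add` list after `cap_drop: ALL` at @@ -52 (and the identical one at @@ -132) restores CHOWN, SETUID and SETGID with no comment naming the process that needs them, and the reason given in the commit message (health checks and logging) does not normally require any of the three. These capabilities are typically used by an entrypoint that starts as root, chowns its volumes and then switches user; held by a root process, they allow re-owning files on any writable bind mount and assuming any UID/GID. Whether a `user:` is set cannot be seen, because both service definitions start outside the hunks. If the images can run as a fixed non-root user with the host directories pre-owned, as the chown comments at the end of the file do for ClamAV, the `cap_add` blocks could probably be dropped again. At minimum I would put a comment above each list, for example `# CHOWN/SETUID/SETGID: required by <entrypoint step> - remove once the image runs as non-root`.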
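Review bot: The second commented command at @@ -210 targets `/share/np-dms/data/logs/climax` while the `chown` directly above it targets `.../logs/clamav`, which looks like a typo; if so the line should read `# sudo chmod -R 755 /share/np-dms/data/logs/clamav`. The recursive numeric modes also set the execute bit on every log and data file and leave them world-readable. If only uid 100 / gid 101 needs access, a symbolic mode such as `chmod -R u=rwX,g=rX,o=` (`g=rwX` for the data directory) keeps directories traversable without marking files executable. These are host setup steps, so a runbook or setup script is probably a better home for them than trailing comments in the compose file.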