fix(infra): resolve container startup failures with minimal capabilities
CI / CD Pipeline / build (push) Successful in 5m0s
CI / CD Pipeline / deploy (push) Failing after 56s

- Add CHOWN, SETUID, SETGID capabilities to backend container
- Add CHOWN, SETUID, SETGID capabilities to frontend container
- Maintain security hardening while allowing health checks to function
- Fix 'cannot start a stopped process: unknown' Docker error
- Containers need minimal capabilities for health checks and logging
2026-04-21 15:49:13 +07:00
parent 486aca08a8
commit 72f28184ff
@@ -52,6 +52,10 @@ services:
- no-new-privileges:true - no-new-privileges:true
cap_drop: cap_drop:
- ALL - ALL
cap_add:
- CHOWN
- SETUID
- SETGID
deploy: deploy:
resources: resources:
limits: limits:
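Review bot: The cap_add list placed after cap_drop: ALL has no comment saying which startup step needs CHOWN, SETUID and SETGID, so a later reader cannot tell whether any of the three can be removed again. The commit message attributes them to health checks and logging; please record that next to the list and name the process that actually changes ownership and switches uid/gid. If that turns out to be the image entrypoint fixing ownership of a mounted directory and then dropping from root, pre-owning the host directory and setting user: on the service would let this container keep cap_drop: ALL with no additions.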
@@ -132,6 +136,10 @@ services:
- no-new-privileges:true - no-new-privileges:true
cap_drop: cap_drop:
- ALL - ALL
cap_add:
- CHOWN
- SETUID
- SETGID
# L1: stdin_open/tty removed # L1: stdin_open/tty removed
deploy: deploy:
resources: resources:
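Review bot: This cap_add block repeats the same three capabilities as the previous hunk, and nothing visible here shows that this second service needs all of them. Please confirm each one separately for this container (CHOWN is only needed if something changes file ownership at startup) and drop any it does not use. If both services really do need the identical list, define it once as a YAML anchor or x- extension field so the two copies cannot drift apart.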
@@ -210,3 +218,9 @@ services:
timeout: 30s timeout: 30s
retries: 3 retries: 3
start_period: 300s start_period: 300s
# sudo chown -R 100:101 /share/np-dms/data/logs/clamav
# sudo chmod -R 755 /share/np-dms/data/logs/climax
# sudo chown -R 100:101 /share/np-dms/clamav/data
# sudo chmod -R 775 /share/np-dms/clamav/data
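Review bot: The second commented command targets /share/np-dms/data/logs/climax while the chown on the line above it targets /share/np-dms/data/logs/clamav; this looks like a typo, and anyone copying the commands would not apply the mode to the clamav log directory. The two chmod modes also differ (755 for the logs path, 775 for the data path) with no explanation of why. These are host setup steps rather than compose configuration, so consider moving them to a setup script or README, and mention them in the commit message, which currently describes only the capability changes.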