690421:1611 Update ClamAV# #02

2026-04-21 16:11:22 +07:00
parent 72f28184ff
commit cf78e14709
1 changed files with 25 additions and 25 deletions
@@ -43,19 +43,19 @@ services:
    image: lcbp3-backend:${BACKEND_IMAGE_TAG:-latest}
    container_name: backend
    # M4: container hardening
-    user: 'node'
+    # user: 'node'
    # L1: stdin_open/tty removed — production services ไม่ต้องใช้ interactive TTY
-    read_only: true
+    # read_only: true
-    tmpfs:
+    # tmpfs:
-      - /tmp:rw,noexec,nosuid,size=256m
+    #   - /tmp:rw,noexec,nosuid,size=256m
-    security_opt:
+    # security_opt:
-      - no-new-privileges:true
+    #  - no-new-privileges:true
-    cap_drop:
+    # cap_drop:
-      - ALL
+    #   - ALL
-    cap_add:
+    # cap_add:
-      - CHOWN
+    #   - CHOWN
-      - SETUID
+    #   - SETUID
-      - SETGID
+    #  - SETGID
    deploy:
      resources:
        limits:
@@ -127,19 +127,19 @@ services:
    image: lcbp3-frontend:${FRONTEND_IMAGE_TAG:-latest}
    container_name: frontend
    # M4: container hardening (Next.js standalone runs as 'nextjs' user by default)
-    user: 'nextjs'
+    # user: 'nextjs'
-    read_only: true
+    # read_only: true
-    tmpfs:
+    # tmpfs:
-      - /tmp:rw,noexec,nosuid,size=128m
+    #   - /tmp:rw,noexec,nosuid,size=128m
-      - /app/.next/cache:rw,size=256m
+    #   - /app/.next/cache:rw,size=256m
-    security_opt:
+    # security_opt:
-      - no-new-privileges:true
+    #   - no-new-privileges:true
-    cap_drop:
+    # cap_drop:
-      - ALL
+    #   - ALL
-    cap_add:
+    # cap_add:
-      - CHOWN
+    #  - CHOWN
-      - SETUID
+    #   - SETUID
-      - SETGID
+    #   - SETGID
    # L1: stdin_open/tty removed
    deploy:
      resources: