diff options
| author | Paul Buetow <paul@buetow.org> | 2026-01-09 21:00:44 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-01-09 21:00:44 +0200 |
| commit | e44449bdee1c0c420769dae127bd07e3a9324f2d (patch) | |
| tree | 9c540ba7b082d764216e26a91ac9c6e523ce4738 /f3s/git-server | |
| parent | d3c11ac436ec7f15cf17eb9df08049cc80c40b65 (diff) | |
Remove SETUID/SETGID capabilities from cgit container
cgit doesn't need privilege escalation capabilities when running
as UID 33 with writable /tmp for runtime files.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Diffstat (limited to 'f3s/git-server')
| -rw-r--r-- | f3s/git-server/helm-chart/templates/deployment.yaml | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/f3s/git-server/helm-chart/templates/deployment.yaml b/f3s/git-server/helm-chart/templates/deployment.yaml index d83baf7..759794b 100644 --- a/f3s/git-server/helm-chart/templates/deployment.yaml +++ b/f3s/git-server/helm-chart/templates/deployment.yaml @@ -119,7 +119,6 @@ spec: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] - add: ["SETGID", "SETUID"] resources: requests: cpu: 50m |