Use read-only root for docker containers.

2023-08-31 21:21:14 -04:00 · 2023-08-31 21:21:14 -04:00 · 4a556bc84f
commit 4a556bc84f
parent 9bf2a912d6
2 changed files with 2 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -15,7 +15,7 @@ make --directory=docker

 Next we need to launch the server:
 ```bash
-docker run --init --rm --publish 3000:3000/tcp org-investigation
+docker run --init --rm --publish 3000:3000/tcp --read-only --mount type=tmpfs,destination=/tmp org-investigation
 ```

 This launches a server listening on port 3000, so pop open your browser to http://127.0.0.1:3000/ to access the web interface.
--- a/scripts/launch_docker.bash
+++ b/scripts/launch_docker.bash
@ -6,7 +6,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

 function main {
    make --directory "$DIR/../docker"
-    exec docker run --init --rm --publish 3000:3000/tcp org-investigation
+    exec docker run --init --rm --read-only --mount type=tmpfs,destination=/tmp --publish 3000:3000/tcp org-investigation
 }

 main "${@}"