Restrict service container privileges

Ohad Livne 2026-04-09 21:56:06 +03:00
parent 6ca9d88995
commit e4b0e731d6
Signed by: libohad-dev
GPG key ID: 34FDC68B51191A4D
2 changed files with 4 additions and 0 deletions


@ -5,9 +5,11 @@ Description=A local LLM server
# keep-sorted start # keep-sorted start
AutoUpdate=registry AutoUpdate=registry
ContainerName=ollama ContainerName=ollama
DropCapability=ALL
Environment=OLLAMA_KEEP_ALIVE=10m Environment=OLLAMA_KEEP_ALIVE=10m
Image=docker.io/ollama/ollama:latest Image=docker.io/ollama/ollama:latest
Network=ollama.network Network=ollama.network
NoNewPrivileges=true
PodmanArgs=--transient-store PodmanArgs=--transient-store
PublishPort=11434:11434 PublishPort=11434:11434
ReadOnly=true ReadOnly=true
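Review bot: The capability drop and NoNewPrivileges=true leave `PublishPort=11434:11434` unchanged, which binds the Ollama API on every host interface; as far as I know that API has no built-in authentication, so the new process-level limits do not reduce who can drive the model server. If only local clients need it, `PublishPort=127.0.0.1:11434:11434` closes that gap in one line. Note also that DropCapability=ALL does not change the uid inside the container: if the image runs as root (not visible here), a `User=` or `UserNS=keep-id` line would be the natural companion to this change. With `Image=…:latest` and `AutoUpdate=registry`, whatever upstream pushes to that floating tag is pulled and run automatically, so these restrictions are the only bound on a compromised tag — worth a comment such as `# :latest is auto-pulled; DropCapability/NoNewPrivileges bound what an unexpected image can do`.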


@ -5,8 +5,10 @@ Description=A local PlantUML server
# keep-sorted start # keep-sorted start
AutoUpdate=registry AutoUpdate=registry
ContainerName=plantuml ContainerName=plantuml
DropCapability=ALL
Image=docker.io/plantuml/plantuml-server:jetty Image=docker.io/plantuml/plantuml-server:jetty
Network=private Network=private
NoNewPrivileges=true
PodmanArgs=--transient-store PodmanArgs=--transient-store
PublishPort=8080:8080 PublishPort=8080:8080
ReadOnly=true ReadOnly=true
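Review bot: `Network=private` names a Podman network, it does not isolate the published port, so `PublishPort=8080:8080` still exposes the PlantUML renderer on all host interfaces after this hardening; prefer `PublishPort=127.0.0.1:8080:8080` unless remote clients are intended. PlantUML renders caller-supplied diagram text, and its `!include`/`!includeurl` directives can reach files and URLs depending on the server's security profile; if this server sees untrusted input and honors `PLANTUML_SECURITY_PROFILE`, adding `Environment=PLANTUML_SECURITY_PROFILE=SANDBOX` would complement DropCapability=ALL at the application layer (verify against the image's documentation). The `:jetty` tag is floating and auto-updated via `AutoUpdate=registry`, so the new lines are the only bound on an unexpected image; a short comment stating that intent would help the next reader.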