jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Revert "proxyAuth: use default fallback icon when no appstore icon or custom icon"

Browse Source 
This reverts commit 045c3917c9.

This was committed by mistake, not sure how. 3d28833c35 is the commit
that fixes this issue.
This commit is contained in:
Girish Ramakrishnan
2022-04-28 17:04:23 -07:00
parent 7cf80ebf69
commit 765f6d1b12
1 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/docker.js
+14 -14
View File
@@ -354,7 +354,7 @@ async function createSubcontainer(app, name, cmd, options) {
CpuShares: app.cpuShares,
VolumesFrom: isAppContainer ? null : [ app.containerId + ':rw' ],
SecurityOpt: [ 'apparmor=docker-cloudron-app' ],
CapAdd: ['ALL'],
CapAdd: [],
CapDrop: [],
Sysctls: {}
}
@@ -389,20 +389,20 @@ async function createSubcontainer(app, name, cmd, options) {
const capabilities = manifest.capabilities || [];
// https://docs-stage.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
// if (capabilities.includes('net_admin')) {
// containerOptions.HostConfig.CapAdd.push('NET_ADMIN', 'NET_RAW');
// // ipv6 for new interfaces is disabled in the container. this prevents the openvpn tun device having ipv6
// // See https://github.com/moby/moby/issues/20569 and https://github.com/moby/moby/issues/33099
// containerOptions.HostConfig.Sysctls['net.ipv6.conf.all.disable_ipv6'] = '0';
// }
// if (capabilities.includes('mlock')) containerOptions.HostConfig.CapAdd.push('IPC_LOCK'); // mlock prevents swapping
// if (!capabilities.includes('ping')) containerOptions.HostConfig.CapDrop.push('NET_RAW'); // NET_RAW is included by default by Docker
if (capabilities.includes('net_admin')) {
containerOptions.HostConfig.CapAdd.push('NET_ADMIN', 'NET_RAW');
// ipv6 for new interfaces is disabled in the container. this prevents the openvpn tun device having ipv6
// See https://github.com/moby/moby/issues/20569 and https://github.com/moby/moby/issues/33099
containerOptions.HostConfig.Sysctls['net.ipv6.conf.all.disable_ipv6'] = '0';
}
if (capabilities.includes('mlock')) containerOptions.HostConfig.CapAdd.push('IPC_LOCK'); // mlock prevents swapping
if (!capabilities.includes('ping')) containerOptions.HostConfig.CapDrop.push('NET_RAW'); // NET_RAW is included by default by Docker
// if (capabilities.includes('vaapi') && safe.fs.existsSync('/dev/dri')) {
// containerOptions.HostConfig.Devices = [
// { PathOnHost: '/dev/dri', PathInContainer: '/dev/dri', CgroupPermissions: 'rwm' }
// ];
// }
if (capabilities.includes('vaapi') && safe.fs.existsSync('/dev/dri')) {
containerOptions.HostConfig.Devices = [
{ PathOnHost: '/dev/dri', PathInContainer: '/dev/dri', CgroupPermissions: 'rwm' }
];
}
containerOptions = _.extend(containerOptions, options);