标签: security docker docker-compose
我尝试应用docker CIS(https://github.com/docker/docker-bench-security)
测试5.13是:Mount container's root filesystem as read only 有一个docker run选项可以安装root FS只读:--read-only=true 但我无法通过docker-compose找到实现相同目标的可能性。
Mount container's root filesystem as read only
--read-only=true
是否有可能只使用docker-compose安装根FS!
答案 0 :(得分:1)
是的,您可以在撰写文件https://docs.docker.com/compose/compose-file/#cpu-shares-cpuset-domainname-entrypoint-hostname-ipc-mac-address-mem-limit-memswap-limit-privileged-read-only-restart-stdin-open-tty-user-working-dir
read_only: