mount gdc folder and host home folder read only for more security

devxpod · Aug 25, 2024 · 0b81ffe · 0b81ffe
1 parent e6dec13
commit 0b81ffe
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/dc-host-home-dir.yml b/dc-host-home-dir.yml
@@ -2,4 +2,4 @@
 services:
   dev:
     volumes:
-      - ~:/root/home-host # needed to copy .aws and bin folder from your home if enabled and they exists
+      - ~:/root/home-host:ro # needed to copy .aws and bin folder from your home if enabled and they exists
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -126,7 +126,7 @@ services:
       - DEV_CONTAINER=1.10.23 # used to detect if running inside dev container
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock # allow container to interact with host docker
-      - "${GDC_DIR}:/root/gdc-host" # mount gdc folder inside container to get access to compose files
+      - "${GDC_DIR}:/root/gdc-host:ro" # mount gdc folder inside container to get access to compose files
       - bash_history:/root/bash_history # keep bash history between container builds
       - persisted:/root/persisted # put things you want to persist between container rebuilds here
       - shared:/root/shared # persisted and shared between stacks / containers