jeans/supervisor
jeans/supervisor
1
0
Fork 0
mirror of https://github.com/home-assistant/supervisor.git synced 2025-07-07 17:26:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use s6-overlay read-only mode by default (#5906)

Browse Source 
To avoid accidential writes to the Supervisor root filesystem, we might
use the Docker read-only mode at one point. This is not yet the default,
but using s6-overlay with the read-only flag seems not to have any
downsides. So enable this by default.

To start Supervisor with read-only root file system teh following
arguments have to be used: `--read-only --tmpfs /run:exec`.
This commit is contained in:
Stefan Agner 2025-05-22 17:30:42 +02:00 committed by GitHub
parent a452969ffe
commit c80fbd77c8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Dockerfile
View File

@ -2,6 +2,7 @@ ARG BUILD_FROM
FROM ${BUILD_FROM}
ENV \
S6_READ_ONLY_ROOT=1 \
S6_SERVICES_GRACETIME=10000 \
SUPERVISOR_API=http://localhost \
CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 \