From 52d3e366e5312b59a016f36f9dcb30ffe98d93c7 Mon Sep 17 00:00:00 2001
From: Felix Bartels <1257835+fbartels@users.noreply.github.com>
Date: Fri, 17 Jan 2020 12:28:18 +0100
Subject: [PATCH] drop cap_* for kweb (#323)

explicit capabilities are not longer required since the process is now running as nobody

fixes #322

Signed-off-by: Felix Bartels <felix@host-consultants.de>
---
 docker-compose.yml | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 83d6990..2e50e2b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,13 +10,6 @@ services:
       - EMAIL=${EMAIL:-off}
       - FQDN=${FQDNCLEANED?err}
     command: wrapper.sh
-    cap_drop:
-      - ALL
-    cap_add:
-      - CHOWN
-      - NET_BIND_SERVICE
-      - SETGID
-      - SETUID
     volumes:
       - /etc/machine-id:/etc/machine-id
       - /var/lib/dbus/machine-id:/var/lib/dbus/machine-id