fix privileges

2025-12-01 02:26:17 +04:00
parent a6c56ecb22
commit bd2ed7716c
2 changed files with 8 additions and 18 deletions
--- a/compose.yaml
+++ b/compose.yaml
@@ -26,6 +26,7 @@

  worker:
    image: liquidcode-tester-worker:latest
+    privileged: true
    container_name: liquidcode-tester-worker
    build:
      context: .
@@ -36,16 +37,9 @@
      - ASPNETCORE_ENVIRONMENT=Development
    networks:
      - liquidcode-network
-    # Security hardening for Worker
-    security_opt:
-      - no-new-privileges:true
-      - apparmor=docker-default
-    cap_drop:
-      - ALL
-    cap_add:
-      - SYS_ADMIN  # Required for Isolate namespaces
-      - SETUID     # Required for Isolate to change user context
-      - SETGID     # Required for Isolate to change group context
+    # Mount cgroup for Isolate sandbox
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
    # Temporary filesystem for compilation and testing
    tmpfs:
      - /tmp:exec,size=4G