From 7aa26e16eb663f7edb142f9de44fb3b1aaba269e Mon Sep 17 00:00:00 2001 From: thespad Date: Tue, 17 Dec 2024 17:09:15 +0000 Subject: [PATCH] Add no-new-privs note --- docs/misc/non-root.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/misc/non-root.md b/docs/misc/non-root.md index 0611d0c88d..3f9136e1ee 100644 --- a/docs/misc/non-root.md +++ b/docs/misc/non-root.md @@ -35,6 +35,7 @@ Our images use s6 as a supervisor and that needs to be able to write its service * Docker Mods will not be run * Custom Services will not be run * Custom Scripts will be limited in their functionality +* You cannot set `no-new-privileges=true` as it will prevent s6 from being able to start the init process For all of these reasons, we recommend you *do not* switch existing container instances to run with a non-root user without careful testing.