Erich Blume
de476bab45
All checks were successful
Build Container / build (push) Successful in 28s
Instead of running as root, create a dedicated navidrome user (UID 1000) in the container and use Kubernetes fsGroup to ensure PVC volumes are writable. This provides defense-in-depth against container escape attacks. - Dockerfile: add navidrome user/group (1000), set USER 1000 - Deployment: add pod securityContext (fsGroup, runAsUser, runAsGroup) - Deployment: add container securityContext (runAsNonRoot, no privilege escalation) - Bump image to v1.0.3 (v1.0.2 was built without these changes) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| .gitkeep | ||
| feature-document-container-build-port-navidrome.feature.md | ||
| fix-navidrome-container-v1.0.2.bugfix.md | ||
| frigate-stationary-fix.bugfix.md | ||