Commit edebd7e
committed
Use setpriv instead of gosu to drop privileges
Changes:
setpriv is used instead of gosu with the following flags:
* Set reuid and regid to redis user and group
* Clear all supplementary groups
* Set bounding capabilities to an empty list
* Enable no-new-privs bit
redis-sentinel is now also run with dropped privileges (previously, it wasn't)
Both redis-sentinel and redis-server will start with dropped privileges, regardless of how they were started (whether using absolute paths or just file names)1 parent 7109557 commit edebd7e
File tree
4 files changed
+36
-75
lines changed- alpine
- debian
4 files changed
+36
-75
lines changedSome generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
0 commit comments