From 93455f663da901fab49b870ce4146e73994c3b80 Mon Sep 17 00:00:00 2001 From: thelamer Date: Thu, 19 Sep 2024 15:51:08 -0400 Subject: [PATCH] add new env var needed for noble hosts possibly more --- README.md | 4 ++++ readme-vars.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/README.md b/README.md index 61a5159..99706ee 100644 --- a/README.md +++ b/README.md @@ -117,6 +117,8 @@ services: image: lscr.io/linuxserver/kasm:latest container_name: kasm privileged: true + security_opt: + - apparmor:rootlesskit #optional environment: - KASM_PORT=443 - DOCKER_HUB_USERNAME=USER #optional @@ -139,6 +141,7 @@ services: docker run -d \ --name=kasm \ --privileged \ + --security-opt apparmor=rootlesskit `#optional` \ -e KASM_PORT=443 \ -e DOCKER_HUB_USERNAME=USER `#optional` \ -e DOCKER_HUB_PASSWORD=PASS `#optional` \ @@ -169,6 +172,7 @@ Containers are configured using parameters passed at runtime (such as those abov | `-v /profiles` | Optionally specify a path for persistent profile storage. | | `-v /dev/input` | Optional for gamepad support. | | `-v /run/udev/data` | Optional for gamepad support. | +| `--security-opt apparmor=rootlesskit` | Some hosts require this on top of privileged for namespacing to work properly inside the DinD layer. | ## Environment variables from files (Docker secrets) diff --git a/readme-vars.yml b/readme-vars.yml index 449c43b..ed45a03 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -60,6 +60,10 @@ opt_param_volumes: - { vol_path: "/dev/input", vol_host_path: "/dev/input", desc: "Optional for gamepad support." } - { vol_path: "/run/udev/data", vol_host_path: "/run/udev/data", desc: "Optional for gamepad support." } +opt_security_opt_param: true +opt_security_opt_param_vars: + - { run_var: "apparmor=rootlesskit", compose_var: "apparmor:rootlesskit", desc: "Some hosts require this on top of privileged for namespacing to work properly inside the DinD layer." } + opt_param_usage_include_ports: false opt_param_ports: []