This is likely a critical security issue allowing full app and system access to a potential attacker.
llm suggest this as a possible resolution, take with a big grain of salt:
services:
tesp-api:
# Remove: privileged: true
cap_add:
- NET_BIND_SERVICE # Only if you need to bind to privileged ports (< 1024)
# Or simply run on unprivileged ports (you're already using 8080)
security_opt:
- no-new-privileges:true # Prevent privilege escalation
# ...
pulsar_rest:
# If you truly need Docker-in-Docker, use a safer alternative:
# Remove: privileged: true
volume_mounts:
- /var/run/docker.sock:/var/run/docker.sock
Consider using: "Docker socket proxy" or "Rootless Docker"
This is likely a critical security issue allowing full app and system access to a potential attacker.
llm suggest this as a possible resolution, take with a big grain of salt: