fix(elementweb): remove override caps & use new temp location #157

Merged
saibotk merged 1 commit from reduce-element-web-permissions into main 2025-04-12 13:54:48 +02:00
Owner

Element Web switched to the nginx-unprivileged container in its latest version [0].

This image variant stores all the nginx related runtime files in the /tmp folder, so we added it as a Tmpfs with a reasonable size, should caching be used.

Also the new image does not need the permissions override capability, as it was designed to run root-less and stores everything with the nginx user's permissions already.

[0] https://github.com/element-hq/element-web/pull/29353

saibotk self-assigned this 2025-04-11 23:35:23 +02:00
fix(elementweb): remove override caps & use new temp location
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
ci/woodpecker/push/ansible-lint Pipeline was successful
0069e35409
requested review from histalek 2025-04-11 23:35:32 +02:00
histalek approved these changes 2025-04-12 07:56:00 +02:00
histalek left a comment
Owner

Putting things directly in /tmp seems like a strange choice by the unprivileged nginx container, but in regards to this being a container it's probably fine?

Anyways, changes LGTM

Author
Owner

Yeah but that's how they designed it idk

saibotk deleted branch reduce-element-web-permissions 2025-04-12 13:54:48 +02:00
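
One way to check a deployed container against what this PR describes, as an added example that is not part of the PR or the repository: it audits `docker inspect`-shaped JSON for a leftover override capability, a size-limited tmpfs on `/tmp`, and a non-root user. The sample data is constructed, and reading "permissions override capability" as `CAP_DAC_OVERRIDE` is an assumption.

```python
import json

# Constructed sample shaped like `docker inspect` output; the container names
# and values are made up for this example, not taken from the repository.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/element-web-old",
   "Config": {"User": ""},
   "HostConfig": {"CapAdd": ["DAC_OVERRIDE"], "Tmpfs": null}},
  {"Name": "/element-web-new",
   "Config": {"User": "nginx"},
   "HostConfig": {"CapAdd": null, "Tmpfs": {"/tmp": "rw,size=64m"}}}
]
""")


def normalize_cap(cap):
    """Capabilities may be written with or without the CAP_ prefix."""
    cap = cap.upper()
    return cap if cap.startswith("CAP_") else "CAP_" + cap


def audit(container):
    """Return a list of findings for one inspect entry (empty list = clean)."""
    findings = []
    host = container.get("HostConfig") or {}
    # Assumption: the capability the PR removes is CAP_DAC_OVERRIDE.
    caps = {normalize_cap(c) for c in (host.get("CapAdd") or [])}
    if "CAP_DAC_OVERRIDE" in caps:
        findings.append("CAP_DAC_OVERRIDE is still added")
    # The unprivileged image keeps its runtime files in /tmp, so it should be
    # a tmpfs, and a size= option keeps cached data from growing unbounded.
    tmp_opts = (host.get("Tmpfs") or {}).get("/tmp")
    if tmp_opts is None:
        findings.append("/tmp is not a tmpfs mount")
    elif not any(o.startswith("size=") for o in tmp_opts.split(",")):
        findings.append("/tmp tmpfs has no size limit")
    # An empty Config.User means the process runs as root.
    user = ((container.get("Config") or {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("container user is root or unset")
    return findings


def audit_all(doc):
    return {c["Name"].lstrip("/"): audit(c) for c in doc}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "; ".join(findings))
```
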
Reference: SipsOfCode/infrastructure#157