From 67a98e51d9c72f827aab1ccb76fa4351a2a010f8 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Mon, 14 May 2018 14:31:43 +0300
Subject: [PATCH] Make the riot-web container run without root privileges
---
 .../templates/systemd/matrix-riot-web.service.j2 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/roles/matrix-server/templates/systemd/matrix-riot-web.service.j2 b/roles/matrix-server/templates/systemd/matrix-riot-web.service.j2
index 7cc17c9f..07582556 100644
--- a/roles/matrix-server/templates/systemd/matrix-riot-web.service.j2
+++ b/roles/matrix-server/templates/systemd/matrix-riot-web.service.j2
@@ -8,7 +8,9 @@ Type=simple
 ExecStartPre=-/usr/bin/docker kill matrix-riot-web
 ExecStartPre=-/usr/bin/docker rm matrix-riot-web
 ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
- -v {{ matrix_nginx_riot_web_data_path }}:/data:ro \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ -v {{ matrix_nginx_riot_web_data_path }}/config.json:/riot-web/webapp/config.json:ro \
+ -v {{ matrix_nginx_riot_web_data_path }}/riot.im.conf:/data/riot.im.conf:ro \
 {% if not matrix_nginx_proxy_enabled %}
 -p 127.0.0.1:8765:8765 \
 {% endif %}
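Review bot: `--user={{ matrix_user_uid }}:{{ matrix_user_gid }}` on the `docker run` line changes the UID but leaves the container's default capability bounding set in place, and a setuid binary in the image could still regain privileges. Since the stated goal is running without root privileges, I would add `--cap-drop=ALL \` and `--security-opt=no-new-privileges \` directly after the `--user` line; the container port is 8765, which presumably needs no capability to bind, but the image is outside this hunk so that should be confirmed. Separately, the two single-file mounts depend on `config.json` and `riot.im.conf` already existing on the host and being readable by that UID when the unit starts. With `-v`, Docker creates a missing host path as a root-owned directory, so the container would get a directory where it expects a file. The `ExecStart` command continues past the end of the hunk.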