Master Dev Merge #264

Merged
merged 8 commits into from
Apr 28, 2024

@jammsen (Owner) commented Apr 28, 2024

No description provided.

Callum027 and others added 8 commits March 3, 2024 13:29
This PR reduces the number of files that the container user is given write access to before the user jail is started.

This reduces the risk of files being modified by potential attackers if they managed to break into the container environment (through, for example, a vulnerability in Palworld.)

The following files/directories have had their ownership changed to `root:root`:

* `/entrypoint.sh`
* `/PalWorldSettings.ini.template`
* `/scripts`
* `/includes`

The container user still has full read access to these files. `PalWorldSettings.ini.template` is still copied by the user to the Palworld config dir (with correct ownership), and `server.sh` can set configuration values in it without issues. The only thing that has changed is that the container user can no longer *modify* these files.

`PalWorldSettings.ini.template` and `rcon.yaml` have also had execute permissions removed, as they do not need to be executable.
…ocker-palworld-dedicated-server into StaleLoafOfBread-feat/error/force-root
Minimise user write access to container service files
@jammsen jammsen merged commit 6c75ef6 into master Apr 28, 2024
1 check passed
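
One way to verify the permission posture described in the commit message above, as an added example that is not part of this PR or the project's own code. The four paths come from the commit message; the function names and the `ROOT` prefix argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not project code): audit the ownership and mode posture
# the commit message describes. Function names and ROOT are hypothetical.

# Print entries under $1 that are not owned by user $2, or that are
# writable by group or other. Symlinks are skipped (their mode is unused).
writable_violations() {
    find "$1" ! -type l \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print
}

# Print regular files under $1 that carry any execute bit.
exec_violations() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# audit_service_files ROOT OWNER
# ROOT is prepended to each path, so the check can run inside the container
# (ROOT="") or against an extracted image filesystem. Returns 0 when clean.
audit_service_files() {
    root=$1
    owner=$2
    rc=0
    for p in /entrypoint.sh /PalWorldSettings.ini.template /scripts /includes; do
        if [ ! -e "$root$p" ]; then
            echo "MISSING  $root$p"
            rc=1
            continue
        fi
        bad=$(writable_violations "$root$p" "$owner")
        if [ -n "$bad" ]; then
            echo "$bad" | sed 's/^/WRITABLE /'
            rc=1
        fi
    done
    # The template is data, not a program: it should carry no execute bit.
    tpl=$root/PalWorldSettings.ini.template
    if [ -f "$tpl" ] && [ -n "$(exec_violations "$tpl")" ]; then
        echo "EXEC     $tpl"
        rc=1
    fi
    return $rc
}
```

Inside the running container this would be called as `audit_service_files "" root`; directories are checked recursively, so a single writable file under `/scripts` or `/includes` is reported.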