slice 8C C.3: de-privilege the controller container (legacy docker-setup template) + CHANGELOG (v0.37.0)

Dropped privileged:true + /mnt rshared + /sys + /dev + /etc/fstab + /run/udev from the bare-metal compose template (controller no longer does disk ops). The golden bootstrap run was already minimal (8A). Slice 8 CLOSED on the controller. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-10 13:59:26 +02:00
parent abe4e8e619
commit 6d267b3e4d
2 changed files with 46 additions and 10 deletions
@@ -1698,7 +1698,11 @@ services:
    image: gitea.dooplex.hu/admin/felhom-controller:latest
    container_name: felhom-controller
    restart: unless-stopped
-    privileged: true
+    # slice 8C: DE-PRIVILEGED. The disk-execution subsystem (scan/format/mount/migrate, restic,
+    # cross-drive) moved to the host agent — the controller is Docker-only and holds NO disk
+    # privileges. Dropped: privileged:true, the /mnt rshared bind, /sys, /dev, /etc/fstab,
+    # /run/udev. Kept: the docker socket (app/stack management), config, data, the stacks dir,
+    # and the app-data backup dir.
    ports:
      - "8080:8080"
      - "8081:8081"
@@ -1708,17 +1712,8 @@ services:
      - controller-data:/opt/docker/felhom-controller/data
      - /opt/docker/stacks:/opt/docker/stacks
      - /srv/backups:/srv/backups
-      - type: bind
-        source: /mnt
-        target: /mnt
-        bind:
-          propagation: rshared
-      - /sys:/host/sys:ro
      - /etc/os-release:/host/etc/os-release:ro
      - /etc/hostname:/host/etc/hostname:ro
-      - /dev:/host-dev:rw
-      - /etc/fstab:/host-fstab
-      - /run/udev:/run/udev:ro
    environment:
      - TZ=Europe/Budapest
      - HOST_IP=$(get_server_ip)