Comment on Linkwarden v2.12 - open-source collaborative bookmark manager to collect, read, annotate, and fully preserve what matters (tons of new features!) 🚀

<- View Parent
glizzyguzzler@piefed.blahaj.zone ⁨3⁊ ⁨days⁊ ago

As always you store data you want to keep in the volumes section.

With read-only you prevent new binaries from being added in the image space. You can add ‘noexec’ to your volumes/tmpfs preventing binaries to the areas that are writable. Then ideally you are using an image with minimal surface area (e.g., only sh and the exact binaries needed to make it go) and it’s very secure! It’s still plenty secure without a minimal image.

source
Sort:hotnewtop