docker: expand security notice

2026-05-10 16:04:37 +00:00 · 2026-02-23 09:30:00 +01:00
parent a98910f94a
commit 0b8521300b
1 changed files with 9 additions and 5 deletions
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -2,11 +2,15 @@
 # volumes, env overrides) in docker-compose.override.yaml instead.
 # See docker/docker-compose.override.yaml.example for a starting point.
 #
-# Security note: this container uses network_mode:host (chatmail needs many
-# ports: 25, 53, 80, 143, 443, 465, 587, 993, 3340, 8443) and cgroup:host
-# (required for systemd). Together these give the container near-host-level
-# access. This is acceptable for a dedicated mail server, but be aware that
-# the container can bind any port and see all host network traffic.
+# Security notes: this container uses 
+#  - network_mode:host chatmail needs many ports (25, 53, 80, 143, 443, 465,
+#  587, 993, 3340, 8443) and needs to operate from the real IP, which bridging
+#  would make tricky
+#  - cgroup:host (required for systemd). 
+#  Together these give the container near-host-level access. This is acceptable
+#  for a dedicated mail server, but be aware that the container can bind any
+#  port and see all host network traffic.
+
 services:
  chatmail:
    build: