From 7a66846f4a371a36b357e07d1c00b81084f249d5 Mon Sep 17 00:00:00 2001 From: Rik Huijzer Date: Fri, 8 Mar 2024 07:24:05 +0100 Subject: [PATCH] Incorporate feedback Co-authored-by: Earl Warren --- docs/admin/installation-docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/admin/installation-docker.md b/docs/admin/installation-docker.md index a6f2f9d4..e9060a1d 100644 --- a/docs/admin/installation-docker.md +++ b/docs/admin/installation-docker.md @@ -70,7 +70,7 @@ ENABLE_PUSH_CREATE_USER = true ## Rootless Forgejo also supports a rootless Docker image. -With this image, the Docker container can run as an unprivileged user, which means that an attacker will not have root privileges on the server even when they break out of the container. +With this image, the Docker container can run as an unprivileged user, which means that an attacker will not have root privileges on the server even when they gain access to the container. This configuration is slightly more involved because we need to prepare our data folders. To do so, we create a `data` folder with permissions for the user with `UID` and `GID` 1000.