2026-04-06 01:44:58 +03:00

# cap_drop: ALL Breaks redis-alpine Startup
**Applies when:** adding Linux capability restrictions to Docker Compose services, especially Redis or any image that switches users at startup.
- `redis:7-alpine` entrypoint calls `gosu redis` to drop from root to the `redis` user.
- `gosu` requires `SETUID` and `SETGID` capabilities to switch users.
- `cap_drop: ALL` without `cap_add: [SETUID, SETGID]` prevents the user switch, causing immediate container exit.
- The container logs show no error -- it just exits silently with code 1.
- Decision (2026-03-24): removed all `cap_drop`/`cap_add` from both compose files. For a dev-only local stack, the complexity and debugging cost outweigh the security benefit. Revisit for production deployment with proper per-service capability analysis.
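
A pre-flight check for the failure described above, as an added example that is not part of the original compose files: it flags services that drop `ALL` capabilities, start as root, and do not add back `SETUID` and `SETGID`. It assumes the input is the JSON printed by `docker compose config --format json`; the `audit` and `norm` helpers and the sample service names are hypothetical, and treating "no `user:` set" as "starts as root and may switch users" is a heuristic.

```python
import json

REQUIRED = {"SETUID", "SETGID"}  # capabilities gosu needs, per the note above


def norm(caps):
    """Normalise capability names: Docker accepts both SETUID and CAP_SETUID."""
    return {c.upper().removeprefix("CAP_") for c in caps or []}


def audit(compose_json):
    """Return {service: missing caps} for services likely to exit at startup."""
    findings = {}
    for name, svc in json.loads(compose_json).get("services", {}).items():
        dropped, added = norm(svc.get("cap_drop")), norm(svc.get("cap_add"))
        if "ALL" not in dropped:
            continue
        # Assumption: a service pinned to a non-root `user:` does not need to
        # switch users at startup, so only root-started services are flagged.
        user = str(svc.get("user") or "").split(":")[0]
        if user not in ("", "0", "root"):
            continue
        missing = REQUIRED - added
        if missing:
            findings[name] = sorted(missing)
    return findings


# Constructed sample input (not taken from the original compose files).
SAMPLE = json.dumps({
    "services": {
        "redis-broken": {"image": "redis:7-alpine", "cap_drop": ["ALL"]},
        "redis-partial": {"image": "redis:7-alpine", "cap_drop": ["all"],
                          "cap_add": ["CAP_SETUID"]},
        "redis-fixed": {"image": "redis:7-alpine", "cap_drop": ["ALL"],
                        "cap_add": ["SETUID", "SETGID"]},
        "redis-nonroot": {"image": "redis:7-alpine", "cap_drop": ["ALL"],
                          "user": "999:999"},
        "redis-default": {"image": "redis:7-alpine"},
    }
})

if __name__ == "__main__":
    for service, missing in audit(SAMPLE).items():
        print(f"{service}: cap_drop ALL without cap_add {missing}")
```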