faglo/remotion_service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e0929b4511f2773d8f7aba89f2b8bbb3a5bf5880
remotion_service/.claude/agents-memory/devops-engineer/2026-03-24-cap-drop-redis-failure.md
T
Daniil 694b8bc77c docs initial
2026-04-06 01:44:58 +03:00

788 B
Raw Blame History

cap_drop: ALL Breaks redis-alpine Startup

Applies when: adding Linux capability restrictions to Docker Compose services, especially Redis or any image that switches users at startup.

  • redis:7-alpine entrypoint calls gosu redis to drop from root to the redis user.
  • gosu requires SETUID and SETGID capabilities to switch users.
  • cap_drop: ALL without cap_add: [SETUID, SETGID] prevents the user switch, causing immediate container exit.
  • The container logs show no error -- it just exits silently with code 1.
  • Decision (2026-03-24): removed all cap_drop/cap_add from both compose files. For a dev-only local stack, the complexity and debugging cost outweigh the security benefit. Revisit for production deployment with proper per-service capability analysis.
Reference in New Issue View Git Blame Copy Permalink