You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -58,7 +58,6 @@ The architectures supported by this image are:
58
58
59
59
The application can be accessed at:
60
60
61
-
*http://yourhost:3000/
62
61
*https://yourhost:3001/
63
62
64
63
### Strict reverse proxies
@@ -79,6 +78,8 @@ By default, this container has no authentication. The optional `CUSTOM_USER` and
79
78
80
79
The web interface includes a terminal with passwordless `sudo` access. Any user with access to the GUI can gain root control within the container, install arbitrary software, and probe your local network.
81
80
81
+
While not generally recommended, certain legacy environments specifically those with older hardware or outdated Linux distributions may require the deactivation of the standard seccomp profile to get containerized desktop software to run. This can be achieved by utilizing the `--security-opt seccomp=unconfined` parameter. It is critical to use this option only when absolutely necessary as it disables a key security layer of Docker, elevating the potential for container escape vulnerabilities.
82
+
82
83
### Options in all Selkies-based GUI containers
83
84
84
85
This container is based on [Docker Baseimage Selkies](https://github.com/linuxserver/docker-baseimage-selkies), which provides the following environment variables and run configurations to customize its functionality.
@@ -186,8 +187,6 @@ services:
186
187
libreoffice:
187
188
image: lscr.io/linuxserver/libreoffice:latest
188
189
container_name: libreoffice
189
-
security_opt:
190
-
- seccomp:unconfined #optional
191
190
environment:
192
191
- PUID=1000
193
192
- PGID=1000
@@ -197,6 +196,7 @@ services:
197
196
ports:
198
197
- 3000:3000
199
198
- 3001:3001
199
+
shm_size: "1gb"
200
200
restart: unless-stopped
201
201
```
202
202
@@ -205,13 +205,13 @@ services:
205
205
```bash
206
206
docker run -d \
207
207
--name=libreoffice \
208
-
--security-opt seccomp=unconfined `#optional` \
209
208
-e PUID=1000 \
210
209
-e PGID=1000 \
211
210
-e TZ=Etc/UTC \
212
211
-p 3000:3000 \
213
212
-p 3001:3001 \
214
213
-v /path/to/config:/config \
214
+
--shm-size="1gb" \
215
215
--restart unless-stopped \
216
216
lscr.io/linuxserver/libreoffice:latest
217
217
```
@@ -228,7 +228,7 @@ Containers are configured using parameters passed at runtime (such as those abov
228
228
|`-e PGID=1000`| for GroupID - see below for explanation |
229
229
|`-e TZ=Etc/UTC`| specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
230
230
|`-v /config`| Users home directory in the container, stores program settings and documents |
231
-
|`--security-opt seccomp=unconfined`|For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker. |
231
+
|`--shm-size=`|Recommended for all desktop images. |
232
232
233
233
## Environment variables from files (Docker secrets)
- {run_var: "seccomp=unconfined", compose_var: "seccomp:unconfined", desc: "For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker."}
27
+
custom_params:
28
+
- {name: "shm-size", name_compose: "shm_size", value: "1gb", desc: "Recommended for all desktop images."}
0 commit comments