From 6cb2ffa7360a3d3375791a4e250af1cb21065942 Mon Sep 17 00:00:00 2001
From: Nemo <commits@captnemo.in>
Date: Tue, 2 Feb 2021 14:07:15 +0530
Subject: [PATCH] Security note about docker socket mount

---
 docker/conf/traefik.toml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docker/conf/traefik.toml b/docker/conf/traefik.toml
index a411dc6..eb20faa 100644
--- a/docker/conf/traefik.toml
+++ b/docker/conf/traefik.toml
@@ -23,6 +23,9 @@ checkNewVersion = false
 
 [docker]
   # Make sure you mount this as readonly
+  # NOTE: readonly doesn't reduce the risk because
+  # it is a unix socket - it doesn't automatically translate
+  # read|write perms to GET/POST requests.
   endpoint = "unix:///var/run/docker.sock"
   domain = "bb8.fun"
   watch = true