Best practice with docker is to bind mount config files into docker and have the filesystem prevent any execution on the bind mounts. This is done via setting no exec on the parent mount. This prevents execution escapes from the containers to the parent host.
inspircd uses shell scripts as part of the configuration language. This breaks on no exec mounts, however if the execution is run via sh /path/to/config.sh, this works just fine on no exec mounts. Would this be a accepted patch?
Best practice with docker is to bind mount config files into docker and have the filesystem prevent any execution on the bind mounts. This is done via setting no exec on the parent mount. This prevents execution escapes from the containers to the parent host.
inspircd uses shell scripts as part of the configuration language. This breaks on no exec mounts, however if the execution is run via
sh /path/to/config.sh, this works just fine on no exec mounts. Would this be a accepted patch?