You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -62,12 +62,16 @@ If a mod requires additional packages to be installed, each container will still
62
62
63
63
Note that the Modmanager container itself does not support applying mods *or* custom files/services.
64
64
65
+
### Security considerations
66
+
67
+
Mapping `docker.sock` is a potential security liability because docker has root access on the host and any process that has full access to `docker.sock` would also have root access on the host. Docker api has no built-in way to set limitations on access, however, you can use a proxy for the `docker.sock` via a solution like [our docker socket proxy](https://github.com/linuxserver/docker-socket-proxy), which adds the ability to limit access. Then you would just set `DOCKER_HOST=` environment variable to point to the proxy address.
68
+
65
69
### Multiple Hosts
66
70
67
71
>[!WARNING]
68
72
>Make sure you fully understand what you're doing before you try and set this up as there are lots of ways it can go wrong.
69
73
70
-
Modmanager can query & download mods for remote hosts, as well as the one on which it is installed. At a very basic level if you're just using the DOCKER_MODS env and not the docker integration, simply mount the `/modcache` folder on your remote host(s), ensuring it is writeable by all participating containers.
74
+
Modmanager can query & download mods for remote hosts, as well as the one on which it is installed. At a very basic level if you're just using the DOCKER_MODS env and not the docker integration, simply mount the `/modcache` folder on your remote host(s), ensuring it is mapped for all participating containers.
71
75
72
76
If you are using the docker integration, our only supported means for connecting to remote hosts is [our socket proxy container](). Run an instance on each remote host:
73
77
@@ -97,11 +101,7 @@ And then add it to the `DOCKER_MODS_EXTRA_HOSTS` env using the full protocol and
As above you will need to mount the `/modcache` folder on your remote host(s), ensuring it is writeable by all participating containers.
101
-
102
-
### Security considerations
103
-
104
-
Mapping `docker.sock` is a potential security liability because docker has root access on the host and any process that has full access to `docker.sock` would also have root access on the host. Docker api has no built-in way to set limitations on access, however, you can use a proxy for the `docker.sock` via a solution like [our docker socket proxy](https://github.com/linuxserver/docker-socket-proxy), which adds the ability to limit access. Then you would just set `DOCKER_HOST=` environment variable to point to the proxy address.
104
+
As above you will need to mount the `/modcache` folder on your remote host(s), ensuring it is mapped for all participating containers.
Copy file name to clipboardExpand all lines: readme-vars.yml
+6-6Lines changed: 6 additions & 6 deletions
Original file line number
Diff line number
Diff line change
@@ -66,12 +66,16 @@ full_custom_readme: |
66
66
67
67
Note that the Modmanager container itself does not support applying mods *or* custom files/services.
68
68
69
+
### Security considerations
70
+
71
+
Mapping `docker.sock` is a potential security liability because docker has root access on the host and any process that has full access to `docker.sock` would also have root access on the host. Docker api has no built-in way to set limitations on access, however, you can use a proxy for the `docker.sock` via a solution like [our docker socket proxy](https://github.com/linuxserver/docker-socket-proxy), which adds the ability to limit access. Then you would just set `DOCKER_HOST=` environment variable to point to the proxy address.
72
+
69
73
### Multiple Hosts
70
74
71
75
>[!WARNING]
72
76
>Make sure you fully understand what you're doing before you try and set this up as there are lots of ways it can go wrong.
73
77
74
-
Modmanager can query & download mods for remote hosts, as well as the one on which it is installed. At a very basic level if you're just using the DOCKER_MODS env and not the docker integration, simply mount the `/modcache` folder on your remote host(s), ensuring it is writeable by all participating containers.
78
+
Modmanager can query & download mods for remote hosts, as well as the one on which it is installed. At a very basic level if you're just using the DOCKER_MODS env and not the docker integration, simply mount the `/modcache` folder on your remote host(s), ensuring it is mapped for all participating containers.
75
79
76
80
If you are using the docker integration, our only supported means for connecting to remote hosts is [our socket proxy container](). Run an instance on each remote host:
As above you will need to mount the `/modcache` folder on your remote host(s), ensuring it is writeable by all participating containers.
105
-
106
-
### Security considerations
107
-
108
-
Mapping `docker.sock` is a potential security liability because docker has root access on the host and any process that has full access to `docker.sock` would also have root access on the host. Docker api has no built-in way to set limitations on access, however, you can use a proxy for the `docker.sock` via a solution like [our docker socket proxy](https://github.com/linuxserver/docker-socket-proxy), which adds the ability to limit access. Then you would just set `DOCKER_HOST=` environment variable to point to the proxy address.
108
+
As above you will need to mount the `/modcache` folder on your remote host(s), ensuring it is mapped for all participating containers.
0 commit comments