Harden Docker container security

Run as non-root user (fixes Claude Code refusing bypassPermissions as root, which caused all agent spawns to exit instantly with no session). Add read-only root filesystem, drop all capabilities, set no-new-privileges, bind port to localhost only, and require GIT_USER_NAME/GIT_USER_EMAIL env vars at startup. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 20:33:50 +00:00
parent 0416bf343c
commit fe0f560b58
3 changed files with 67 additions and 13 deletions
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -16,11 +16,14 @@ services:
      dockerfile: docker/Dockerfile
    container_name: storkit
    ports:
-      # Web UI + MCP endpoint
-      - "3001:3001"
+      # Bind to localhost only — not exposed on all interfaces.
+      - "127.0.0.1:3001:3001"
    environment:
      # Required: Anthropic API key for Claude Code agents
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:?Set ANTHROPIC_API_KEY}
+      # Required: git identity for agent commits
+      - GIT_USER_NAME=${GIT_USER_NAME:?Set GIT_USER_NAME}
+      - GIT_USER_EMAIL=${GIT_USER_EMAIL:?Set GIT_USER_EMAIL}
      # Optional: override the server port (default 3001)
      - STORKIT_PORT=3001
      # Optional: Matrix bot credentials (if using Matrix integration)
@@ -45,7 +48,7 @@ services:

      # Claude Code state – persists session history, projects config,
      # and conversation transcripts so --resume works across restarts.
-      - claude-state:/root/.claude
+      - claude-state:/home/storkit/.claude

      # Storkit source tree for rebuild_and_restart.
      # The binary has CARGO_MANIFEST_DIR baked in at compile time
@@ -63,6 +66,23 @@ services:
      - workspace-target:/workspace/target
      - storkit-target:/app/target

+    # ── Security hardening ──────────────────────────────────────────
+    # Read-only root filesystem. Only explicitly mounted volumes and
+    # tmpfs paths are writable.
+    read_only: true
+    tmpfs:
+      - /tmp:size=512M
+      - /home/storkit/.npm:size=256M
+
+    # Drop all Linux capabilities, then add back only what's needed.
+    cap_drop:
+      - ALL
+
+    # Prevent child processes from gaining new privileges via setuid,
+    # setgid, or other mechanisms.
+    security_opt:
+      - no-new-privileges:true
+
    # Resource limits – cap the whole system.
    # Adjust based on your machine. These are conservative defaults.
    deploy: