Thank you, but this only applies to priviledged containers (which are normally not used and should not be used)

Can you provide the required arguments for chroot? I’ve just opened the bash shell of a running container (docker exec -it mycontainer bash) and tried to “break out” using “chroot /”. I can’t access any files of the host.

How would a rogue container be able to access the root directory of the host? Wouldn’t it just be able to access the data on the docker volumes? Thank you.

I can recommend purelymail.com. Cheap, works great with my custom domain, allows unlimited mail boxes ans users for the whole family.

Until August 2024 only .arpa was reserved for residential network services. Glad to hear there is something new less akward!

I’m using syncthing-fork on Android for years on multiple devices without problems.

postgresql db (e.g. in Docker) + Dbeaver as GUI client

Yes, exactly. I push photos into the “import folder” of Photoprism. I don’t manually trigger the re-index but I restart photoprism at night using a cronjob. I am not using settings like “PHOTOPRISM_AUTO_IMPORT”. Contact me if you need me to investigate more.

I’m uploading to a directory using syncthing. It’s working perfectly fine without any scripts. I’m running Photoprism in a docker container.

You don’t need to compile and run with the same jdk version. Dunno why you think this.

You can do that with ZFS. It’s built-in integrierty check will automatically heal errors and tell you what drive has gone bad.

I can also recommend zfs on debian. Even if you only using two disks you will be still protected from bit rot.

I can recommend dockprom. It comes with grafana preconfigured.

ZFS is rigid? Please explain

Get a mainboard and CPU supporting ECC ram. Combine it with ZFS as the file system. With this setup you are safe from bitrot.

So what is a better paradigm in your opinion?

Setters and Getters?

True, but I thought we are talking about security here…?

How would is a typo possible if one is using a password manager?

Tell me