From ba6e20ca368c2ee1a006233cc4afdec79df39455 Mon Sep 17 00:00:00 2001
From: Emilien <4016501+unixfox@users.noreply.github.com>
Date: Sat, 24 May 2025 22:36:33 +0200
Subject: [PATCH] chore: Add back security cap

This reverts commit 31acd45ec22a5702a15b5e67d6fa725e92eadb83.
---
 docker-compose.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/docker-compose.yaml b/docker-compose.yaml
index 328fe019..2b1465e0 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -13,6 +13,10 @@ services:
 environment:
 - SEARXNG_HOSTNAME=${SEARXNG_HOSTNAME:-http://localhost}
 - SEARXNG_TLS=${LETSENCRYPT_EMAIL:-internal}
+ cap_drop:
+ - ALL
+ cap_add:
+ - NET_BIND_SERVICE
 logging:
 driver: "json-file"
 options:
@@ -28,6 +32,12 @@ services:
 - searxng
 volumes:
 - valkey-data2:/data
+ cap_drop:
+ - ALL
+ cap_add:
+ - SETGID
+ - SETUID
+ - DAC_OVERRIDE
 logging:
 driver: "json-file"
 options:
@@ -48,6 +58,12 @@ services:
 - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
 - UWSGI_WORKERS=${SEARXNG_UWSGI_WORKERS:-4}
 - UWSGI_THREADS=${SEARXNG_UWSGI_THREADS:-4}
+ cap_drop:
+ - ALL
+ cap_add:
+ - CHOWN
+ - SETGID
+ - SETUID
 logging:
 driver: "json-file"
 options:
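Review bot: The capability lists added here and in the `@@ -28,6` and `@@ -48,6` hunks carry no comment saying which startup step needs each entry. The commit message only says it reverts 31acd45ec22a5702a15b5e67d6fa725e92eadb83, so a reader cannot tell why the caps were removed before or what to check if a container fails to start. I would put a one-line comment above each `cap_add`, for example `# NET_BIND_SERVICE: lets this service bind ports below 1024` here, with matching ones for the other two services. The service definitions start outside the hunks, so the reason for each capability is inferred and should be confirmed against the images' entrypoints.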
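Review bot: `DAC_OVERRIDE` in the `cap_add` of the `@@ -28,6` hunk is the broadest entry in this patch, because it lets root inside the container skip file permission checks, including on the `valkey-data2:/data` volume. The entrypoint is not visible here, so this is a guess, but it may only be needed because the data directory is not owned by the user the process ends up running as. If so, fixing the volume ownership once or setting `user:` on the service could shrink the list to `SETGID`/`SETUID` or remove it. At the least add a comment such as `# DAC_OVERRIDE: <reason, to be filled in by the author>`.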
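Review bot: `SETUID` and `SETGID` in the `@@ -48,6` hunk stay in the container's bounding set for its whole lifetime. If the entrypoint drops to an unprivileged user (presumably what these caps are for, though the entrypoint is outside the diff), a setuid-root binary in the image could still regain them. Unless it is already set outside the hunk, adding `security_opt:` with `- no-new-privileges:true` next to `cap_drop` would close that gap, and the same applies to the service in the `@@ -28,6` hunk. Each container should be start-up tested after the option is added.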