Linux on Nobody's Home

Docker Permissions

Sun, 12 Apr 2026 00:00:00 +0000

References:

Docker Containers Can Do Too Much

Your containers can do too much. Look at all the capabilities a Docker container gets by default:

  - SYS_ADMIN
  - NET_ADMIN
  - NET_RAW
  - FOWNER
  - SETGID
  - SETUID
  - CHOWN
  - AUDIT_CONTROL
  - AUDIT_READ
  - AUDIT_WRITE
  - BLOCK_SUSPEND
  - BPF
  - CHECKPOINT_RESTORE
  - DAC_READ_SEARCH
  - DAC_OVERRIDE
  - FSETID
  - IPC_LOCK
  - KILL
  - LEASE
  - LINUX_IMMUTABLE
  - MAC_ADMIN
  - MAC_OVERRIDE
  - MKNOD
  - NET_ADMIN
  - NET_BIND_SERVICE
  - NET_BROADCAST
  - PERFMON
  - SETFCAP
  - SETPCAP
  - SYS_BOOT
  - SYS_CHROOT
  - SYS_NICE
  - SYS_PACCT
  - SYS_PTRACE
  - SYS_RAWIO
  - SYS_RESOURCE
  - SYS_TIME
  - SYS_TTY_CONFIG
  - SYSLOG
  - WAKE_ALARM

This should clearly be limited. Containers share functions of the host kernel, it’s how they cut down on overhead. Giving unecessary permissions violates the security principle of least privilege. So, how go about it?

Extend LVM

Wed, 25 Jun 2025 00:00:00 +0000

Resources

Instructions

Identify partitions with the lsblk command
Determine the volume group you want to extend using the vgs and vgdisplay commands
Determine the logical volumes using lvs command
Determine the mapping of the logical volume (/dev/[VG-NAME]/[lv name])
Extend the partition (cfdisk)
Extend the physical volume:

pvresize /dev/sd[your partition]

Extend the logical volume :```

lvextend -r -l +100%FREE /dev/mapper/VG-NAME --lv NAME

(Possibly) Extend the file system (varies by file system type):

XFS:

xfs_growfs /dev/mapper/VG-NAME --lv name

Extend a Proxmox VM Disk

In the virtual machine hardware tab, select the disk you wish to resize and click “Disk Action” then “Resize”

Update Fedora

Sat, 03 May 2025 00:00:00 +0000

This guide is a quick copy/paste on how to update Fedora Lunux.

Update the Latest Packages

sudo dnf upgrade --refresh

Download the System Update

sudo dnf system-upgrade download --releasever={LATEST RELEASE}

Note: releasever can be changed easily, and incremented by 2

Reboot

sudo dnf system-upgrade reboot

(Optional) Further Updates

sudo dnf install rpmconf && sudo rpmconf -a && sudo dnf install remove-retired-packages
remove-retired-packages

Clean and remove duplicate packages

sudo dnf repoquery --duplicates && sudo dnf remove --duplicates && sudo dnf autoremove

Clean gpg keys

sudo dnf install clean-rpm-gpg-pubkey
sudo clean-rpm-gpg-pubkey

Clean symlinks

Step 1:

Smart Cards on Linux

Wed, 03 Jul 2024 00:00:00 +0000

Description

PCSCD serves as middleware to access a smart card using PC/SC. Install this program to

Installation

sudo apt install pcscd -y

Enable Socket

sudo systemctl enable --now pcscd.socket

Make Sure It’s Working

systemctl status pcscd.service