Can you provide the required arguments for chroot? I’ve just opened the bash shell of a running container (docker exec -it mycontainer bash) and tried to “break out” using “chroot /”. I can’t access any files of the host.

How would a rogue container be able to access the root directory of the host? Wouldn’t it just be able to access the data on the docker volumes? Thank you.

I can recommend purelymail.com. Cheap, works great with my custom domain, allows unlimited mail boxes ans users for the whole family.

Until August 2024 only .arpa was reserved for residential network services. Glad to hear there is something new less akward!

I’m using syncthing-fork on Android for years on multiple devices without problems.

postgresql db (e.g. in Docker) + Dbeaver as GUI client

Yes, exactly. I push photos into the “import folder” of Photoprism. I don’t manually trigger the re-index but I restart photoprism at night using a cronjob. I am not using settings like “PHOTOPRISM_AUTO_IMPORT”. Contact me if you need me to investigate more.

I’m uploading to a directory using syncthing. It’s working perfectly fine without any scripts. I’m running Photoprism in a docker container.

You can do that with ZFS. It’s built-in integrierty check will automatically heal errors and tell you what drive has gone bad.

I can also recommend zfs on debian. Even if you only using two disks you will be still protected from bit rot.

I can recommend dockprom. It comes with grafana preconfigured.

ZFS is rigid? Please explain

Get a mainboard and CPU supporting ECC ram. Combine it with ZFS as the file system. With this setup you are safe from bitrot.

True, but I thought we are talking about security here…?

How would is a typo possible if one is using a password manager?

Tell me

Did you read my message? After one failed attempt you will get banned.

30 character password + fail2ban after one failed attempt. Why not?

Create a sudo rule which allows the user to run only this exact command: “sudo docker restart mycontainer”

Problem with Joplin: The raw files are randomly named so you can’t easily find a specific note