Add more cap_drop

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>

infrastructure/it-tools/docker-compose.it-tools.yml

@@ -10,9 +10,12 @@ services:
       - caddy
     networks:
       - infra-network
+    read_only: false
     security_opt:
       - no-new-privileges:true
-    read_only: false
+    cap_drop:
+      - SYS_ADMIN
+
     deploy:
       resources:
         limits:
@@ -21,6 +24,7 @@ services:
         reservations:
           cpus: '0.001'
           memory: 20M
+
   it-tools1:
     image: corentinth/it-tools:latest
     container_name: it-tools1
@@ -31,9 +35,12 @@ services:
       - caddy
     networks:
       - infra-network
+    read_only: false
     security_opt:
       - no-new-privileges:true
-    read_only: false
+    cap_drop:
+      - SYS_ADMIN
+
     deploy:
       resources:
         limits:

infrastructure/picoshare/docker-compose.picoshare.yml

@@ -16,9 +16,11 @@ services:
       - infra-network
     security_opt:
       - no-new-privileges:true
-    read_only: true
+    read_only: false
-    tmpfs:
+    cap_drop:
-      - /tmp
+      - SYS_ADMIN
+#    tmpfs:
+#      - /tmp
     deploy:
       resources:
         limits:

infrastructure/projectsend/docker-compose.projectsend.yml

@@ -18,6 +18,8 @@ services:
       - infra-network
     security_opt:
       - no-new-privileges:true
+    cap_drop:
+      - SYS_ADMIN
 
   # Database projectsend
   projectsend_db:

infrastructure/uptime-kuma/docker-compose.uptime-kuma.yml

@@ -14,6 +14,8 @@ services:
       - infra-network
     security_opt:
       - no-new-privileges:true
+    cap_drop:
+      - SYS_ADMIN
 
 volumes:
   uptimekuma_data: