github pterodactyl/daemon v0.2.1-beta
0.2.1 Beta

latest releases: v0.6.13, v0.6.12, v0.6.11...
5 years ago

This release is mostly focused at fixing a few small bugs and implementing more restrictive security policies in containers.

An upgrade guide is available here.

New Features

  • Configurable DNS servers in core configuration for docker containers.
  • Bungeecord containers no longer spam up the console with ping information.
  • Use container:port in configuration files in place of localhost or 127.0.0.1 for local resolving (i.e. Bungeecord).

Bug Fixes

  • If an environment variable is set to null don't even send it to the docker container. Fixes unset variable check bug for Spigot building.
  • Fixed startup sequence to actually mark status as starting as well as prevent querying server until completely started.

Security

  • Root filesystem in containers is now entirely read-only. Container applications can only write to /home/container and /tmp.
  • Prevent logging server output through docker logging methods. Fixes a potential DoS attack vector (and also saves space).
  • Drops the following capabilities from containers: setpcap, mknod, audit_write, chown, net_raw, dac_override, fowner, fsetid, kill, setgid, setuid, net_bind_service, sys_chroot, setfcap in addition to default dropped capabilities.
  • Containers are now in isolated networks and unable to directly connect to a container's specific IP address. The daemon will automatically create this network interface on boot.

Don't miss a new daemon release

NewReleases is sending notifications on new releases.