From bcf3c19ceeac1fee3aaa1b15837d81823d921ec4 Mon Sep 17 00:00:00 2001
From: Gerhard Scheikl <linumiq_net-user@linumiq.com>
Date: Sun, 31 May 2026 10:19:27 +0200
Subject: [PATCH] security update

---
 docker-compose.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 532f53c..fbc847f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,7 +7,7 @@
 # .env.production sets WEB_PROJECT / WEB_IMAGE / WEB_CONTAINER / WEB_NETWORK.
 name: ${WEB_PROJECT:-web}
 services:
-  web:
+  web-dev:
     build:
       context: .
       dockerfile: Dockerfile
@@ -20,6 +20,8 @@ services:
     restart: unless-stopped
     security_opt:
       - no-new-privileges:true
+    cap_drop:
+      - ALL
     env_file:
       - .env.production
     expose: