From 02cb08c389b2f08024735b42661d1939818b2ced Mon Sep 17 00:00:00 2001 From: thespad Date: Thu, 9 Jan 2025 20:40:55 +0000 Subject: [PATCH] Add support notice, clarify DOCKER_MODS env --- README.md | 4 +++- readme-vars.yml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index db8359c..14c0082 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ The architectures supported by this image are: ## Application Setup -You can specify mods to download via the `DOCKER_MODS` environment variable like any other container, or allow discovery through docker by mounting the docker socket into the container (or configuring a suitable alternative endpoint via the built-in `DOCKER_HOST` environment variable). +You can specify mods to download via the `DOCKER_MODS` environment variable like any other container, or allow discovery through docker by mounting the docker socket into the container (or configuring a suitable alternative endpoint via the built-in `DOCKER_HOST` environment variable). Whichever option you choose the appropriate `DOCKER_MODS` environment variable must still be present on the containers that need to install them. The Modmanager container will download all needed mods on startup and then check for updates every 6 hours; if you're using docker discovery it will automatically pick up any new mods. @@ -62,6 +62,8 @@ If a mod requires additional packages to be installed, each container will still Note that the Modmanager container itself does not support applying mods *or* custom files/services. +**Modmanager is only supported for use with Linuxserver images built after 2025-01-01, while it may work with 3rd party containers using our images as a base we will not provide support for them.** + ### Security considerations Mapping `docker.sock` is a potential security liability because docker has root access on the host and any process that has full access to `docker.sock` would therefore also have root access on the host. The docker API has no built-in way to set limitations on access, however, you can use a proxy for `docker.sock` via a solution like [our docker socket proxy](https://github.com/linuxserver/docker-socket-proxy), which adds the ability to limit API access to specific endpoints. diff --git a/readme-vars.yml b/readme-vars.yml index b0c167c..0c94283 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -56,7 +56,7 @@ full_custom_readme: | ## Application Setup - You can specify mods to download via the `DOCKER_MODS` environment variable like any other container, or allow discovery through docker by mounting the docker socket into the container (or configuring a suitable alternative endpoint via the built-in `DOCKER_HOST` environment variable). + You can specify mods to download via the `DOCKER_MODS` environment variable like any other container, or allow discovery through docker by mounting the docker socket into the container (or configuring a suitable alternative endpoint via the built-in `DOCKER_HOST` environment variable). Whichever option you choose the appropriate `DOCKER_MODS` environment variable must still be present on the containers that need to install them. The Modmanager container will download all needed mods on startup and then check for updates every 6 hours; if you're using docker discovery it will automatically pick up any new mods. @@ -66,6 +66,8 @@ full_custom_readme: | Note that the Modmanager container itself does not support applying mods *or* custom files/services. + **Modmanager is only supported for use with Linuxserver images built after 2025-01-01, while it may work with 3rd party containers using our images as a base we will not provide support for them.** + ### Security considerations Mapping `docker.sock` is a potential security liability because docker has root access on the host and any process that has full access to `docker.sock` would therefore also have root access on the host. The docker API has no built-in way to set limitations on access, however, you can use a proxy for `docker.sock` via a solution like [our docker socket proxy](https://github.com/linuxserver/docker-socket-proxy), which adds the ability to limit API access to specific endpoints.