From 10a29ba9250b64db0e15f666dc5d1ba78a0c31f8 Mon Sep 17 00:00:00 2001
From: fahminlb33 <fahmi@kodesiana.com>
Date: Fri, 25 Oct 2024 07:31:03 +0700
Subject: [PATCH] fix: permissions

---
 roles/flame/tasks/main.yml                   | 2 +-
 roles/prometheus/tasks/exporter-cadvisor.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/flame/tasks/main.yml b/roles/flame/tasks/main.yml
index 1d6db78..ed8dfac 100644
--- a/roles/flame/tasks/main.yml
+++ b/roles/flame/tasks/main.yml
@@ -24,7 +24,7 @@
     networks:
       - name: "{{ docker_network.name }}"
     volumes:
-      - "/var/run/docker.sock:/var/run/docker.sock"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
       - "{{ flame_config_dir.path }}:/app/data:rw"
     env:
       PASSWORD: "{{ flame_password }}"
diff --git a/roles/prometheus/tasks/exporter-cadvisor.yml b/roles/prometheus/tasks/exporter-cadvisor.yml
index 7a0d93c..0657ba8 100644
--- a/roles/prometheus/tasks/exporter-cadvisor.yml
+++ b/roles/prometheus/tasks/exporter-cadvisor.yml
@@ -10,7 +10,7 @@
     name: exporter_cadvisor
     image: "{{ prometheus_exporters.cadvisor.image }}"
     recreate: true
-    user: "{{ docker_user.uid }}:{{ docker_user.gid }}"
+    # user: "{{ docker_user.uid }}:{{ docker_user.gid }}"
     privileged: true
     restart_policy: unless-stopped
     published_ports:
@@ -20,7 +20,7 @@
     volumes:
       - /:/rootfs:ro
       - /sys:/sys:ro
-      - /var/run:/var/run:rw
+      - /var/run:/var/run:ro
       - /var/lib/docker/:/var/lib/docker:ro
       - /dev/disk/:/dev/disk:ro
     devices: