fix(docker): refuse root gateway runs in official image

LeonSGP43 2026-05-03 20:56:08 +08:00 committed by Teknium
parent afbcca0f06
commit 84287b0de8
4 changed files with 81 additions and 0 deletions

@ -271,6 +271,10 @@ The entrypoint script (`docker/entrypoint.sh`) bootstraps the data volume on fir
- Optionally launches `hermes dashboard` as a background side-process when `HERMES_DASHBOARD=1` (see [Running the dashboard](#running-the-dashboard))
- Then runs `hermes` with whatever arguments you pass
:::warning
Do not override the image entrypoint unless you keep `/opt/hermes/docker/entrypoint.sh` in the command chain. The entrypoint drops root privileges to the `hermes` user before gateway state files are created. Starting `hermes gateway run` as root inside the official image is refused by default because it can leave root-owned files in `/opt/data` and break later dashboard or gateway starts. Set `HERMES_ALLOW_ROOT_GATEWAY=1` only when you intentionally accept that risk.
:::
## Upgrading
Pull the latest image and recreate the container. Your data directory is untouched.
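
Review bot: the warning added after the entrypoint bullet list says a root `hermes gateway run` is "refused by default" but does not say what the refusal looks like (error text or exit status), nor how to repair an `/opt/data` that already holds root-owned files from an earlier root run. Suggest adding one sentence for each, so an operator who hits the refusal can recognise it and recover ownership rather than reaching for `HERMES_ALLOW_ROOT_GATEWAY=1`. The sentence "only when you intentionally accept that risk" would also be easier to act on if it restated the risk in one clause (root-owned state files that the `hermes` user cannot later write).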