BREAKING CHANGE: Socket directory now mounted read-only into containers
for security. Prevents compromised containers from:
- Unlinking socket and creating man-in-the-middle proxies
- Filling /run/pulse-sensor-proxy/ to exhaust tmpfs
- Racing proxy service on restart to hijack socket path
Migration: Change socket mounts from :rw to :ro in docker-compose.yml
Access control is enforced via SO_PEERCRED, so write access is not needed.
Related to security audit 2025-11-07.
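The claim in the message above is that a client only needs to connect to the socket, not write into the socket directory, and that the proxy can authorise callers from kernel-supplied peer credentials instead. The following is an added example written for this page, not code from the Pulse project or its proxy: a minimal AF_UNIX server that gates each request on SO_PEERCRED, with the socket bound in a directory that is then made non-writable before the client connects. It assumes Linux (SO_PEERCRED and the `struct ucred` layout are Linux-specific), a local temporary directory, and the hypothetical request string `temps?`.

```python
"""Added example, not project code: SO_PEERCRED-gated Unix socket server.

Demonstrates two points from the commit message:
  1. connect() on an AF_UNIX socket needs search permission on the directory
     and write permission on the socket inode, not write permission on the
     directory, so a read-only mount of the socket directory is enough.
  2. Authorisation can come from the kernel-filled peer credentials, which the
     client cannot forge, rather than from filesystem access to the directory.
Linux only (SO_PEERCRED).
"""
import os
import socket
import stat
import struct
import tempfile
import threading

# struct ucred { pid_t pid; uid_t uid; gid_t gid; } as three native C ints.
UCRED_FMT = "3i"


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process on the other end of `conn`.

    The kernel fills these in at connect time; nothing the client sends over
    the stream can change them, unlike any identity it might claim in-band.
    """
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(UCRED_FMT))
    return struct.unpack(UCRED_FMT, raw)


def handle_client(conn, allowed_uids, result):
    """Authorise one request purely on peer uid, then answer it."""
    pid, uid, gid = peer_credentials(conn)
    request = conn.recv(64)
    if uid in allowed_uids and request == b"temps?":  # hypothetical request
        conn.sendall(b"ok")
        result["decision"] = "ok"
    else:
        conn.sendall(b"denied")
        result["decision"] = "denied"
    result["peer"] = (pid, uid, gid)
    conn.close()


def run_exchange(allowed_uids):
    """Bind a socket, strip write permission from its directory, then connect.

    Returns (client_reply, server_view). server_view records the decision and
    the credentials the server saw, so a caller can check them independently
    of what the client was told.
    """
    with tempfile.TemporaryDirectory() as tmp:
        sock_path = os.path.join(tmp, "proxy.sock")
        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        server.bind(sock_path)
        server.listen(1)
        # 0o555: read + search only. A client that can only traverse the
        # directory (as with a :ro mount) must still be able to connect.
        os.chmod(tmp, stat.S_IRUSR | stat.S_IXUSR | stat.S_IRGRP |
                 stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH)
        result = {}
        try:
            worker = threading.Thread(
                target=lambda: handle_client(server.accept()[0],
                                             allowed_uids, result))
            worker.start()
            client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            client.connect(sock_path)
            client.sendall(b"temps?")
            reply = client.recv(64)
            client.close()
            worker.join()
        finally:
            server.close()
            # Give write permission back so the temporary directory can be
            # removed; the read-only state was only needed for the connect.
            os.chmod(tmp, stat.S_IRWXU)
        return reply, result


def own_identity():
    """(pid, uid, gid) of this process, for comparison with the server's view."""
    return (os.getpid(), os.getuid(), os.getgid())


if __name__ == "__main__":
    _, uid, _ = own_identity()
    print("allowed:", run_exchange({uid}))
    print("denied: ", run_exchange(set()))
```

Running it as a regular user shows the client connecting through a directory it cannot write to, with the server's accept/deny decision driven entirely by the uid the kernel reports. The same mechanism is what lets a proxy keep a socket directory mounted read-only into containers without losing the ability to tell callers apart.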
This corrects several issues with the temperature proxy configuration
in the example docker-compose.yml:
Issues fixed:
1. **Wrong mount path**: Was using /mnt/pulse-proxy (LXC path) instead of
/run/pulse-sensor-proxy (Docker path). While the client auto-detects both
paths, this was inconsistent with documentation.
2. **Wrong permissions**: Was mounted as :ro (read-only) but needs :rw
(read-write) for the Unix socket to work properly.
3. **Enabled by default**: Would cause container startup issues if the
proxy wasn't installed on the host.
Changes:
- Commented out the bind mount by default (requires manual setup)
- Changed path from /mnt/pulse-proxy to /run/pulse-sensor-proxy
- Changed permissions from :ro to :rw
- Added a clear comment explaining that it requires setup with the --standalone flag
- Points users to documentation
Now matches the documented Docker setup process and won't break
fresh installations where the proxy isn't installed yet.