19.03.2026 | Peter Gerken

Block raw network access for a container

docker-compose.offline.yml
services:
  web:
    cap_drop:
      - NET_RAW

Issue:

A containerised Drupal service – or any web service – running in an offline or restricted environment should not be able to send raw network packets. By default, Docker grants containers the NET_RAW Linux capability, which allows tools like ping and arping to craft raw IP packets. This is unnecessary for a web container and increases the attack surface.

Solution:

You can add this to your docker-compose.yml for any service ('web' is our example here) to prevent it from reaching the internet. This can be useful to isolate a potentially unsafe project for an audit for example.

Weitere DevBits

13.11.2025 | Peter Majmesku

Autowire services with the Autowire attribute in Drupal

Example.php
<?php

declare(strict_types=1);

namespace Drupal\my_module;

use Drupal\Core\Session\AccountInterface;
use Symfony\Component\DependencyInjection\Attribute\Autowire;

class Example {

  public function __construct(
    #[Autowire(service: 'current_user')]
    private readonly AccountInterface $currentUser,
  ) {
  }

  public function getCurrentUser(): AccountInterface {
    return $this->currentUser;
  }

}

my_module.services.yml
services:
  my_module.example:
    class: Drupal\my_module\Service\Example
    autowire: true
  Drupal\my_module\Service\Example: '@my_module.example'

php
services
yml / yaml
02.04.2026 | Michael Ebert

Set a custom theme to be used by Symfony Mailer

symfony_mailer.mailer_policy._.yml
configuration:
  email_theme:
    theme: my_custom_theme

yml / yaml
symfony
mail
themes