Excalidraw
Excalidraw Details
Added: 2025-09-05
Last Updated: 2025-11-28
Added: 2025-09-05
Last Updated: 2025-11-28
Virtual whiteboard for sketching hand-drawn like diagrams
Run as Context- Excalidraw runs as root user.
Group: 0 / root
User: 0 / root
×
![Full Screenshot]()
Security Capabilities
- Excalidraw is able to change file ownership arbitrarily
- Excalidraw is able to bypass file permission checks
- Excalidraw is able to bypass permission checks for file operations
- Excalidraw is able to bind to privileged ports (< 1024)
- Excalidraw is able to change group ID of processes
- Excalidraw is able to change user ID of processes
App Metadata (Raw File)
{
"1.0.7": {
"healthy": true,
"supported": true,
"healthy_error": null,
"location": "/__w/apps/apps/trains/community/excalidraw/1.0.7",
"last_update": "2025-11-28 16:17:12",
"required_features": [],
"human_version": "latest_1.0.7",
"version": "1.0.7",
"app_metadata": {
"app_version": "latest",
"capabilities": [
{
"description": "Excalidraw is able to change file ownership arbitrarily",
"name": "CHOWN"
},
{
"description": "Excalidraw is able to bypass file permission checks",
"name": "DAC_OVERRIDE"
},
{
"description": "Excalidraw is able to bypass permission checks for file operations",
"name": "FOWNER"
},
{
"description": "Excalidraw is able to bind to privileged ports (< 1024)",
"name": "NET_BIND_SERVICE"
},
{
"description": "Excalidraw is able to change group ID of processes",
"name": "SETGID"
},
{
"description": "Excalidraw is able to change user ID of processes",
"name": "SETUID"
}
],
"categories": [
"productivity"
],
"changelog_url": "https://github.com/excalidraw/excalidraw/releases",
"date_added": "2025-09-05",
"description": "Virtual whiteboard for sketching hand-drawn like diagrams",
"home": "https://excalidraw.com/",
"host_mounts": [],
"icon": "https://media.sys.truenas.net/apps/excalidraw/icons/icon.svg",
"keywords": [
"diagram"
],
"lib_version": "2.1.65",
"lib_version_hash": "f92a9ee78c78fc77f86e7d8b545bd4c605c31c599e2c5da59f1615aa516cb8b5",
"maintainers": [
{
"email": "dev@truenas.com",
"name": "truenas",
"url": "https://www.truenas.com/"
}
],
"name": "excalidraw",
"run_as_context": [
{
"description": "Excalidraw runs as root user.",
"gid": 0,
"group_name": "root",
"uid": 0,
"user_name": "root"
}
],
"screenshots": [],
"sources": [
"https://hub.docker.com/r/excalidraw/excalidraw",
"https://github.com/excalidraw/excalidraw"
],
"title": "Excalidraw",
"train": "community",
"version": "1.0.7"
},
"schema": {
"groups": [
{
"name": "Excalidraw Configuration",
"description": "Configure Excalidraw"
},
{
"name": "Network Configuration",
"description": "Configure Network for Excalidraw"
},
{
"name": "Storage Configuration",
"description": "Configure Storage for Excalidraw"
},
{
"name": "Labels Configuration",
"description": "Configure Labels for Excalidraw"
},
{
"name": "Resources Configuration",
"description": "Configure Resources for Excalidraw"
}
],
"questions": [
{
"variable": "TZ",
"group": "Excalidraw Configuration",
"label": "Timezone",
"schema": {
"type": "string",
"default": "Etc/UTC",
"required": true,
"$ref": [
"definitions/timezone"
]
}
},
{
"variable": "excalidraw",
"label": "",
"group": "Excalidraw Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "additional_envs",
"label": "Additional Environment Variables",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "env",
"label": "Environment Variable",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "name",
"label": "Name",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "value",
"label": "Value",
"schema": {
"type": "string"
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "network",
"label": "",
"group": "Network Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "web_port",
"label": "WebUI Port",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "bind_mode",
"label": "Port Bind Mode",
"description": "The port bind mode.</br>\n- Publish: The port will be published on the host for external access.</br>\n- Expose: The port will be exposed for inter-container communication.</br>\n- None: The port will not be exposed or published.</br>\nNote: If the Dockerfile defines an EXPOSE directive,\nthe port will still be exposed for inter-container communication regardless of this setting.\n",
"schema": {
"type": "string",
"default": "published",
"enum": [
{
"value": "published",
"description": "Publish port on the host for external access"
},
{
"value": "exposed",
"description": "Expose port for inter-container communication"
},
{
"value": "",
"description": "None"
}
]
}
},
{
"variable": "port_number",
"label": "Port Number",
"schema": {
"type": "int",
"show_if": [
[
"bind_mode",
"=",
"published"
]
],
"default": 30255,
"min": 1,
"max": 65535,
"required": true
}
},
{
"variable": "host_ips",
"label": "Host IPs",
"description": "IPs on the host to bind this port",
"schema": {
"type": "list",
"show_if": [
[
"bind_mode",
"=",
"published"
]
],
"default": [],
"items": [
{
"variable": "host_ip",
"label": "Host IP",
"schema": {
"type": "string",
"required": true,
"$ref": [
"definitions/node_bind_ip"
]
}
}
]
}
}
]
}
},
{
"variable": "host_network",
"label": "Host Network",
"description": "Bind to the host network. It's recommended to keep this disabled.\n",
"schema": {
"type": "boolean",
"default": false
}
}
]
}
},
{
"variable": "storage",
"label": "",
"group": "Storage Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "additional_storage",
"label": "Additional Storage",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "storageEntry",
"label": "Storage Entry",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.</br>\nSMB Share: Is a SMB share that is mounted to as a volume.</br>\nNFS Share: Is a NFS share that is mounted to as a volume.\n",
"schema": {
"type": "string",
"required": true,
"default": "ix_volume",
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
},
{
"value": "cifs",
"description": "SMB/CIFS Share (Mounts a volume to a SMB share)"
},
{
"value": "nfs",
"description": "NFS Share (Mounts a volume to a NFS share)"
}
]
}
},
{
"variable": "read_only",
"label": "Read Only",
"description": "Mount the volume as read only.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "mount_path",
"label": "Mount Path",
"description": "The path inside the container to mount the storage.",
"schema": {
"type": "path",
"required": true
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"default": "storage_entry"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
}
]
}
},
{
"variable": "cifs_config",
"label": "SMB Configuration",
"description": "The configuration for the SMB dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"cifs"
]
],
"attrs": [
{
"variable": "server",
"label": "Server",
"description": "The server to mount the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "path",
"label": "Path",
"description": "The path to mount the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "username",
"label": "Username",
"description": "The username to use for the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "password",
"label": "Password",
"description": "The password to use for the SMB share.",
"schema": {
"type": "string",
"required": true,
"private": true
}
},
{
"variable": "domain",
"label": "Domain",
"description": "The domain to use for the SMB share.",
"schema": {
"type": "string"
}
}
]
}
},
{
"variable": "nfs_config",
"label": "NFS Configuration",
"description": "The configuration for the NFS dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"nfs"
]
],
"attrs": [
{
"variable": "server",
"label": "Server",
"description": "The server to mount the NFS share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "path",
"label": "Path",
"description": "The path to mount the NFS share.",
"schema": {
"type": "string",
"required": true
}
}
]
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "labels",
"label": "",
"group": "Labels Configuration",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "label",
"label": "Label",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "key",
"label": "Key",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "value",
"label": "Value",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "containers",
"label": "Containers",
"description": "Containers where the label should be applied",
"schema": {
"type": "list",
"items": [
{
"variable": "container",
"label": "Container",
"schema": {
"type": "string",
"required": true,
"enum": [
{
"value": "excalidraw",
"description": "excalidraw"
}
]
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "resources",
"label": "",
"group": "Resources Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "limits",
"label": "Limits",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "cpus",
"label": "CPUs",
"description": "CPUs limit for Excalidraw.",
"schema": {
"type": "int",
"default": 2,
"required": true
}
},
{
"variable": "memory",
"label": "Memory (in MB)",
"description": "Memory limit for Excalidraw.",
"schema": {
"type": "int",
"default": 4096,
"required": true
}
}
]
}
}
]
}
}
]
},
"readme": "<h1>Excalidraw</h1> <p><a href=\"https://excalidraw.com\">Excalidraw</a> is a virtual whiteboard for sketching hand-drawn like diagrams.</p>",
"changelog": null,
"chart_metadata": {
"app_version": "latest",
"capabilities": [
{
"description": "Excalidraw is able to change file ownership arbitrarily",
"name": "CHOWN"
},
{
"description": "Excalidraw is able to bypass file permission checks",
"name": "DAC_OVERRIDE"
},
{
"description": "Excalidraw is able to bypass permission checks for file operations",
"name": "FOWNER"
},
{
"description": "Excalidraw is able to bind to privileged ports (< 1024)",
"name": "NET_BIND_SERVICE"
},
{
"description": "Excalidraw is able to change group ID of processes",
"name": "SETGID"
},
{
"description": "Excalidraw is able to change user ID of processes",
"name": "SETUID"
}
],
"categories": [
"productivity"
],
"changelog_url": "https://github.com/excalidraw/excalidraw/releases",
"date_added": "2025-09-05",
"description": "Virtual whiteboard for sketching hand-drawn like diagrams",
"home": "https://excalidraw.com/",
"host_mounts": [],
"icon": "https://media.sys.truenas.net/apps/excalidraw/icons/icon.svg",
"keywords": [
"diagram"
],
"lib_version": "2.1.65",
"lib_version_hash": "f92a9ee78c78fc77f86e7d8b545bd4c605c31c599e2c5da59f1615aa516cb8b5",
"maintainers": [
{
"email": "dev@truenas.com",
"name": "truenas",
"url": "https://www.truenas.com/"
}
],
"name": "excalidraw",
"run_as_context": [
{
"description": "Excalidraw runs as root user.",
"gid": 0,
"group_name": "root",
"uid": 0,
"user_name": "root"
}
],
"screenshots": [],
"sources": [
"https://hub.docker.com/r/excalidraw/excalidraw",
"https://github.com/excalidraw/excalidraw"
],
"title": "Excalidraw",
"train": "community",
"version": "1.0.7"
}
}
}Support, maintenance, and documentation for applications within the Community catalog is handled by the TrueNAS community. The TrueNAS Applications Market hosts but does not validate or maintain any linked resources associated with this app.
There currently aren’t any resources available for this application!
Please help the TrueNAS community add resources here or discuss this application in the TrueNAS Community forum.