Merge pull request #2814 from ijc/use-auditd-package

Use auditd package from Alpine 3.7
Rolf Neugebauer 2017-12-15 18:16:54 +00:00 committed by GitHub
commit 256ca3340a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 28 additions and 40 deletions


@ -1,15 +1,7 @@
FROM linuxkit/alpine:d307c8a386fa3f32cddda9409b9687e191cdd6f1 AS build FROM linuxkit/alpine:4584958639b2378246371fe219f33b270667e22e AS mirror
RUN apk add abuild gcc git
ADD build.sh /
RUN adduser -D -G abuild builder && sudo -u builder /build.sh
FROM linuxkit/alpine:d307c8a386fa3f32cddda9409b9687e191cdd6f1 AS mirror
COPY --from=build /home/builder/*apk /
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --initdb -p /out alpine-baselayout busybox tini RUN apk add --initdb -p /out alpine-baselayout apk-tools audit busybox tini
RUN apk add --allow-untrusted -p /out /*apk
# Remove apk residuals. We have a read-only rootfs, so apk is of no use. # Remove apk residuals. We have a read-only rootfs, so apk is of no use.
RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
@ -25,5 +17,3 @@ COPY audit.rules /etc/audit
COPY runaudit.sh /usr/bin COPY runaudit.sh /usr/bin
CMD ["/sbin/tini", "/usr/bin/runaudit.sh"] CMD ["/sbin/tini", "/usr/bin/runaudit.sh"]
LABEL org.mobyproject.config='{"pid": "host", "binds": ["/var/log:/var/log"], "capabilities": ["CAP_AUDIT_CONTROL", "CAP_AUDIT_READ", "CAP_AUDIT_WRITE", "CAP_SYS_NICE"]}'
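Review bot: `apk-tools` is added to the rootfs on the new `RUN apk add --initdb -p /out alpine-baselayout apk-tools audit busybox tini` line, yet the comment just below it says apk is of no use on the read-only rootfs. The following `rm -rf /out/etc/apk /out/lib/apk /out/var/cache` removes only apk's database and cache, so the package manager binary presumably stays in the final image, which is extra tooling in a container that runs with `pid: host` and the CAP_AUDIT_* capabilities. If nothing at runtime needs it, drop it: `RUN apk add --initdb -p /out alpine-baselayout audit busybox tini`. If the install of `audit` does depend on it, a one-line comment above the `RUN` saying why would stop the next reader from removing it.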


@ -1,16 +0,0 @@
#!/bin/sh
AUDIT_HASH=59763dd8e587d1821f2d039b2bf446c3a31ea58e
set -e
cd /home/builder
git clone https://github.com/alpinelinux/aports && cd aports && git checkout $AUDIT_HASH
cd testing/audit
abuild-keygen -a
abuild -F -r
find ~/packages
cp ~/packages/testing/$(abuild -A)/*apk ~


@ -1,2 +1,11 @@
image: auditd image: auditd
network: true network: true
config:
pid: host
binds:
- /var/log:/var/log
capabilities:
- CAP_AUDIT_CONTROL
- CAP_AUDIT_READ
- CAP_AUDIT_WRITE
- CAP_SYS_NICE
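Review bot: `network: true` is kept although the only step visibly fetching from the network, the aports `git clone` in the build.sh that this commit deletes, is gone. If `apk add` in the Dockerfile resolves `audit` from a package mirror carried in the linuxkit/alpine base image (an assumption to confirm), the build likely needs no network access, and dropping the line would keep it from reaching external hosts. The new `config:` block would also benefit from a short comment per entry on why it is needed, for example `# CAP_SYS_NICE: lets auditd raise its scheduling priority` once that is confirmed against runaudit.sh and the auditd configuration, so that later reviews can tell which privileges are still required.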


@ -4,6 +4,7 @@ alpine-keys
apk-tools apk-tools
argp-standalone argp-standalone
attr-dev attr-dev
audit
autoconf autoconf
automake automake
bash bash


@ -1,13 +1,15 @@
# linuxkit/alpine:dd9b3a4d8c6c7a21b8457aa3017d06eb97ed731c-arm64 # linuxkit/alpine:9d29dc154440859d729ba864ffd67bb4c90e630d-arm64
# automatically generated list of installed packages # automatically generated list of installed packages
abuild-3.1.0-r3 abuild-3.1.0-r3
alpine-baselayout-3.0.5-r2 alpine-baselayout-3.0.5-r2
alpine-keys-2.1-r1 alpine-keys-2.1-r1
alsa-lib-1.1.4.1-r2 alsa-lib-1.1.4.1-r2
apk-tools-2.8.1-r1 apk-tools-2.8.1-r2
argp-standalone-1.3-r2 argp-standalone-1.3-r2
attr-2.4.47-r6 attr-2.4.47-r6
attr-dev-2.4.47-r6 attr-dev-2.4.47-r6
audit-2.7.7-r1
audit-libs-2.7.7-r1
autoconf-2.69-r0 autoconf-2.69-r0
automake-1.15.1-r0 automake-1.15.1-r0
bash-4.4.12-r2 bash-4.4.12-r2
@ -23,7 +25,7 @@ btrfs-progs-4.13.2-r0
btrfs-progs-dev-4.13.2-r0 btrfs-progs-dev-4.13.2-r0
btrfs-progs-libs-4.13.2-r0 btrfs-progs-libs-4.13.2-r0
build-base-0.5-r0 build-base-0.5-r0
busybox-1.27.2-r6 busybox-1.27.2-r7
busybox-initscripts-3.1-r2 busybox-initscripts-3.1-r2
bzip2-1.0.6-r6 bzip2-1.0.6-r6
ca-certificates-20171114-r0 ca-certificates-20171114-r0
@ -264,7 +266,7 @@ vim-8.0.1359-r0
wayland-libs-client-1.14.0-r2 wayland-libs-client-1.14.0-r2
wayland-libs-cursor-1.14.0-r2 wayland-libs-cursor-1.14.0-r2
wayland-libs-server-1.14.0-r2 wayland-libs-server-1.14.0-r2
wireguard-tools-0.0.20171127-r0 wireguard-tools-0.0.20171211-r0
wireless-tools-30_pre9-r0 wireless-tools-30_pre9-r0
wpa_supplicant-2.6-r8 wpa_supplicant-2.6-r8
xfsprogs-4.14.0-r0 xfsprogs-4.14.0-r0


@ -1,13 +1,15 @@
# linuxkit/alpine:d307c8a386fa3f32cddda9409b9687e191cdd6f1-amd64 # linuxkit/alpine:4584958639b2378246371fe219f33b270667e22e-amd64
# automatically generated list of installed packages # automatically generated list of installed packages
abuild-3.1.0-r3 abuild-3.1.0-r3
alpine-baselayout-3.0.5-r2 alpine-baselayout-3.0.5-r2
alpine-keys-2.1-r1 alpine-keys-2.1-r1
alsa-lib-1.1.4.1-r2 alsa-lib-1.1.4.1-r2
apk-tools-2.8.1-r1 apk-tools-2.8.1-r2
argp-standalone-1.3-r2 argp-standalone-1.3-r2
attr-2.4.47-r6 attr-2.4.47-r6
attr-dev-2.4.47-r6 attr-dev-2.4.47-r6
audit-2.7.7-r1
audit-libs-2.7.7-r1
autoconf-2.69-r0 autoconf-2.69-r0
automake-1.15.1-r0 automake-1.15.1-r0
bash-4.4.12-r2 bash-4.4.12-r2
@ -23,7 +25,7 @@ btrfs-progs-4.13.2-r0
btrfs-progs-dev-4.13.2-r0 btrfs-progs-dev-4.13.2-r0
btrfs-progs-libs-4.13.2-r0 btrfs-progs-libs-4.13.2-r0
build-base-0.5-r0 build-base-0.5-r0
busybox-1.27.2-r6 busybox-1.27.2-r7
busybox-initscripts-3.1-r2 busybox-initscripts-3.1-r2
bzip2-1.0.6-r6 bzip2-1.0.6-r6
ca-certificates-20171114-r0 ca-certificates-20171114-r0
@ -116,7 +118,7 @@ libcap-2.25-r1
libcap-ng-0.7.8-r1 libcap-ng-0.7.8-r1
libcap-ng-dev-0.7.8-r1 libcap-ng-dev-0.7.8-r1
libcom_err-1.43.7-r0 libcom_err-1.43.7-r0
libcrypto1.0-1.0.2m-r0 libcrypto1.0-1.0.2n-r0
libcurl-7.57.0-r0 libcurl-7.57.0-r0
libdrm-2.4.88-r0 libdrm-2.4.88-r0
libedit-20170329.3.1-r3 libedit-20170329.3.1-r3
@ -163,7 +165,7 @@ libseccomp-2.3.2-r0
libseccomp-dev-2.3.2-r0 libseccomp-dev-2.3.2-r0
libsmartcols-2.31-r0 libsmartcols-2.31-r0
libssh2-1.8.0-r2 libssh2-1.8.0-r2
libssl1.0-1.0.2m-r0 libssl1.0-1.0.2n-r0
libstdc++-6.4.0-r5 libstdc++-6.4.0-r5
libtasn1-4.12-r2 libtasn1-4.12-r2
libtirpc-1.0.1-r2 libtirpc-1.0.1-r2
@ -212,8 +214,8 @@ openrc-0.24.1-r4
openssh-keygen-7.5_p1-r7 openssh-keygen-7.5_p1-r7
openssh-server-7.5_p1-r7 openssh-server-7.5_p1-r7
openssh-server-common-7.5_p1-r7 openssh-server-common-7.5_p1-r7
openssl-1.0.2m-r0 openssl-1.0.2n-r0
openssl-dev-1.0.2m-r0 openssl-dev-1.0.2n-r0
opus-1.2.1-r1 opus-1.2.1-r1
ovmf-0.0.20170624-r0 ovmf-0.0.20170624-r0
p11-kit-0.23.2-r2 p11-kit-0.23.2-r2
@ -272,7 +274,7 @@ vim-8.0.1359-r0
wayland-libs-client-1.14.0-r2 wayland-libs-client-1.14.0-r2
wayland-libs-cursor-1.14.0-r2 wayland-libs-cursor-1.14.0-r2
wayland-libs-server-1.14.0-r2 wayland-libs-server-1.14.0-r2
wireguard-tools-0.0.20171127-r0 wireguard-tools-0.0.20171211-r0
wireless-tools-30_pre9-r0 wireless-tools-30_pre9-r0
wpa_supplicant-2.6-r8 wpa_supplicant-2.6-r8
xfsprogs-4.14.0-r0 xfsprogs-4.14.0-r0