mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-07-20 17:49:10 +00:00
Merge pull request #2814 from ijc/use-auditd-package
Use auditd package from Alpine 3.7
This commit is contained in:
Rolf Neugebauer
GitHub
commit
256ca3340a
@ -1,15 +1,7 @@
|
||||
FROM linuxkit/alpine:d307c8a386fa3f32cddda9409b9687e191cdd6f1 AS build
|
||||
RUN apk add abuild gcc git
|
||||
|
||||
ADD build.sh /
|
||||
RUN adduser -D -G abuild builder && sudo -u builder /build.sh
|
||||
|
||||
FROM linuxkit/alpine:d307c8a386fa3f32cddda9409b9687e191cdd6f1 AS mirror
|
||||
COPY --from=build /home/builder/*apk /
|
||||
FROM linuxkit/alpine:4584958639b2378246371fe219f33b270667e22e AS mirror
|
||||
|
||||
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
|
||||
RUN apk add --initdb -p /out alpine-baselayout busybox tini
|
||||
RUN apk add --allow-untrusted -p /out /*apk
|
||||
RUN apk add --initdb -p /out alpine-baselayout apk-tools audit busybox tini
|
||||
|
||||
# Remove apk residuals. We have a read-only rootfs, so apk is of no use.
|
||||
RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
|
||||
@ -25,5 +17,3 @@ COPY audit.rules /etc/audit
|
||||
COPY runaudit.sh /usr/bin
|
||||
|
||||
CMD ["/sbin/tini", "/usr/bin/runaudit.sh"]
|
||||
|
||||
LABEL org.mobyproject.config='{"pid": "host", "binds": ["/var/log:/var/log"], "capabilities": ["CAP_AUDIT_CONTROL", "CAP_AUDIT_READ", "CAP_AUDIT_WRITE", "CAP_SYS_NICE"]}'
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
AUDIT_HASH=59763dd8e587d1821f2d039b2bf446c3a31ea58e
|
||||
|
||||
set -e
|
||||
|
||||
cd /home/builder
|
||||
|
||||
git clone https://github.com/alpinelinux/aports && cd aports && git checkout $AUDIT_HASH
|
||||
cd testing/audit
|
||||
|
||||
abuild-keygen -a
|
||||
abuild -F -r
|
||||
|
||||
find ~/packages
|
||||
cp ~/packages/testing/$(abuild -A)/*apk ~
|
||||
@ -1,2 +1,11 @@
|
||||
image: auditd
|
||||
network: true
|
||||
config:
|
||||
pid: host
|
||||
binds:
|
||||
- /var/log:/var/log
|
||||
capabilities:
|
||||
- CAP_AUDIT_CONTROL
|
||||
- CAP_AUDIT_READ
|
||||
- CAP_AUDIT_WRITE
|
||||
- CAP_SYS_NICE
|
||||
|
||||
@ -4,6 +4,7 @@ alpine-keys
|
||||
apk-tools
|
||||
argp-standalone
|
||||
attr-dev
|
||||
audit
|
||||
autoconf
|
||||
automake
|
||||
bash
|
||||
|
||||
@ -1,13 +1,15 @@
|
||||
# linuxkit/alpine:dd9b3a4d8c6c7a21b8457aa3017d06eb97ed731c-arm64
|
||||
# linuxkit/alpine:9d29dc154440859d729ba864ffd67bb4c90e630d-arm64
|
||||
# automatically generated list of installed packages
|
||||
abuild-3.1.0-r3
|
||||
alpine-baselayout-3.0.5-r2
|
||||
alpine-keys-2.1-r1
|
||||
alsa-lib-1.1.4.1-r2
|
||||
apk-tools-2.8.1-r1
|
||||
apk-tools-2.8.1-r2
|
||||
argp-standalone-1.3-r2
|
||||
attr-2.4.47-r6
|
||||
attr-dev-2.4.47-r6
|
||||
audit-2.7.7-r1
|
||||
audit-libs-2.7.7-r1
|
||||
autoconf-2.69-r0
|
||||
automake-1.15.1-r0
|
||||
bash-4.4.12-r2
|
||||
@ -23,7 +25,7 @@ btrfs-progs-4.13.2-r0
|
||||
btrfs-progs-dev-4.13.2-r0
|
||||
btrfs-progs-libs-4.13.2-r0
|
||||
build-base-0.5-r0
|
||||
busybox-1.27.2-r6
|
||||
busybox-1.27.2-r7
|
||||
busybox-initscripts-3.1-r2
|
||||
bzip2-1.0.6-r6
|
||||
ca-certificates-20171114-r0
|
||||
@ -264,7 +266,7 @@ vim-8.0.1359-r0
|
||||
wayland-libs-client-1.14.0-r2
|
||||
wayland-libs-cursor-1.14.0-r2
|
||||
wayland-libs-server-1.14.0-r2
|
||||
wireguard-tools-0.0.20171127-r0
|
||||
wireguard-tools-0.0.20171211-r0
|
||||
wireless-tools-30_pre9-r0
|
||||
wpa_supplicant-2.6-r8
|
||||
xfsprogs-4.14.0-r0
|
||||
|
||||
@ -1,13 +1,15 @@
|
||||
# linuxkit/alpine:d307c8a386fa3f32cddda9409b9687e191cdd6f1-amd64
|
||||
# linuxkit/alpine:4584958639b2378246371fe219f33b270667e22e-amd64
|
||||
# automatically generated list of installed packages
|
||||
abuild-3.1.0-r3
|
||||
alpine-baselayout-3.0.5-r2
|
||||
alpine-keys-2.1-r1
|
||||
alsa-lib-1.1.4.1-r2
|
||||
apk-tools-2.8.1-r1
|
||||
apk-tools-2.8.1-r2
|
||||
argp-standalone-1.3-r2
|
||||
attr-2.4.47-r6
|
||||
attr-dev-2.4.47-r6
|
||||
audit-2.7.7-r1
|
||||
audit-libs-2.7.7-r1
|
||||
autoconf-2.69-r0
|
||||
automake-1.15.1-r0
|
||||
bash-4.4.12-r2
|
||||
@ -23,7 +25,7 @@ btrfs-progs-4.13.2-r0
|
||||
btrfs-progs-dev-4.13.2-r0
|
||||
btrfs-progs-libs-4.13.2-r0
|
||||
build-base-0.5-r0
|
||||
busybox-1.27.2-r6
|
||||
busybox-1.27.2-r7
|
||||
busybox-initscripts-3.1-r2
|
||||
bzip2-1.0.6-r6
|
||||
ca-certificates-20171114-r0
|
||||
@ -116,7 +118,7 @@ libcap-2.25-r1
|
||||
libcap-ng-0.7.8-r1
|
||||
libcap-ng-dev-0.7.8-r1
|
||||
libcom_err-1.43.7-r0
|
||||
libcrypto1.0-1.0.2m-r0
|
||||
libcrypto1.0-1.0.2n-r0
|
||||
libcurl-7.57.0-r0
|
||||
libdrm-2.4.88-r0
|
||||
libedit-20170329.3.1-r3
|
||||
@ -163,7 +165,7 @@ libseccomp-2.3.2-r0
|
||||
libseccomp-dev-2.3.2-r0
|
||||
libsmartcols-2.31-r0
|
||||
libssh2-1.8.0-r2
|
||||
libssl1.0-1.0.2m-r0
|
||||
libssl1.0-1.0.2n-r0
|
||||
libstdc++-6.4.0-r5
|
||||
libtasn1-4.12-r2
|
||||
libtirpc-1.0.1-r2
|
||||
@ -212,8 +214,8 @@ openrc-0.24.1-r4
|
||||
openssh-keygen-7.5_p1-r7
|
||||
openssh-server-7.5_p1-r7
|
||||
openssh-server-common-7.5_p1-r7
|
||||
openssl-1.0.2m-r0
|
||||
openssl-dev-1.0.2m-r0
|
||||
openssl-1.0.2n-r0
|
||||
openssl-dev-1.0.2n-r0
|
||||
opus-1.2.1-r1
|
||||
ovmf-0.0.20170624-r0
|
||||
p11-kit-0.23.2-r2
|
||||
@ -272,7 +274,7 @@ vim-8.0.1359-r0
|
||||
wayland-libs-client-1.14.0-r2
|
||||
wayland-libs-cursor-1.14.0-r2
|
||||
wayland-libs-server-1.14.0-r2
|
||||
wireguard-tools-0.0.20171127-r0
|
||||
wireguard-tools-0.0.20171211-r0
|
||||
wireless-tools-30_pre9-r0
|
||||
wpa_supplicant-2.6-r8
|
||||
xfsprogs-4.14.0-r0
|
||||
|
||||
Loading…
Reference in New Issue
Block a user