Merge pull request #991 from riyazdf/test-container-riddler
Use riddler to generate containerd configuration for test container
commit
36550acf83
1
alpine/test/.gitignore
vendored
1
alpine/test/.gitignore
vendored
@ -1,3 +1,4 @@
|
||||
ca-certificates.crt
|
||||
mksh
|
||||
rootfs
|
||||
config.json
|
||||
|
@ -8,7 +8,7 @@ CACERT_IMAGE=mobylinux/ca-certificates@sha256:6ca2dca9cfb8534a55f3a17f8797943527
|
||||
CACERT_FILE=ca-certificates.crt
|
||||
CACERT_PATH=/etc/ssl/certs
|
||||
|
||||
default: rootfs
|
||||
default: config.json
|
||||
|
||||
$(MKSH_FILE):
|
||||
docker run --rm --net=none $(MKSH_IMAGE) tar cf - -C $(MKSH_PATH) $(MKSH_FILE) | tar xf -
|
||||
@ -16,8 +16,8 @@ $(MKSH_FILE):
|
||||
$(CACERT_FILE):
|
||||
docker run --rm --net=none $(CACERT_IMAGE) tar cf - -C $(CACERT_PATH) $(CACERT_FILE) | tar xf -
|
||||
|
||||
rootfs: Dockerfile test.sh $(MKSH_FILE) $(CACERT_FILE)
|
||||
mkdir -p $@
|
||||
config.json: Dockerfile test.sh $(MKSH_FILE) $(CACERT_FILE)
|
||||
mkdir -p rootfs
|
||||
BUILD=$$( tar cf - $^ | docker build -q - ) && \
|
||||
[ -n "$$BUILD" ] && \
|
||||
echo "Built $$BUILD" && \
|
||||
@ -25,11 +25,11 @@ rootfs: Dockerfile test.sh $(MKSH_FILE) $(CACERT_FILE)
|
||||
[ -n "$$IMAGE" ] && \
|
||||
echo "Built $$IMAGE" && \
|
||||
CONTAINER=$$( docker create $$IMAGE /dev/null ) && \
|
||||
docker export $$CONTAINER | tar -xf - -C $@ && \
|
||||
docker export $$CONTAINER | tar -xf - -C rootfs $(EXCLUDE) && \
|
||||
docker rm $$CONTAINER && \
|
||||
( cd $@ && rm -rf .dockerenv Dockerfile dev/* etc/hostname etc/hosts etc/mtab etc/resolv.conf )
|
||||
../containers/riddler.sh --cap-drop all --cap-add SYS_ADMIN -e HOME=/tmp -u 0:0 -v /var/tmp:/tmp -v /var/run/docker.sock:/var/run/docker.sock:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /etc/resolv.conf:/etc/resolv.conf:ro --net host --read-only $$IMAGE /bin/test.sh >$@
|
||||
|
||||
clean:
|
||||
rm -rf rootfs $(MKSH_FILE) $(CACERT_FILE)
|
||||
rm -rf rootfs config.json $(MKSH_FILE) $(CACERT_FILE)
|
||||
|
||||
.DELETE_ON_ERROR:
|
||||
|
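Review bot: The riddler invocation in the `config.json` recipe generates a spec with more privilege than the checked-in config.json this commit deletes: it passes `--cap-add SYS_ADMIN` where the old file had `"capabilities": []`, and it bind-mounts host `/var/tmp` over `/tmp` where the old file used a `nosuid,noexec,nodev` tmpfs. Nothing visible on this page shows that test.sh needs either, so if it does not, drop `--cap-add SYS_ADMIN` and keep `/tmp` on a tmpfs; if it does, state the reason in a comment above the rule. The `:ro` on `/var/run/docker.sock` only makes the bind mount read-only and does not limit what the container can ask the daemon to do, so a comment such as `# test container has full Docker API access through the socket; :ro does not restrict it` would stop readers assuming otherwise. The recipe starts in the previous hunk, and `$(EXCLUDE)` is not defined in any line shown here.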
@ -1,197 +0,0 @@
|
||||
{
|
||||
"ociVersion": "1.0.0-rc2-dev",
|
||||
"platform": {
|
||||
"os": "linux",
|
||||
"arch": "amd64"
|
||||
},
|
||||
"process": {
|
||||
"terminal": false,
|
||||
"user": {
|
||||
"uid": 0,
|
||||
"gid": 0
|
||||
},
|
||||
"args": [
|
||||
"/bin/sh",
|
||||
"-c",
|
||||
"/bin/test.sh"
|
||||
],
|
||||
"env": [
|
||||
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
|
||||
"HOME=/tmp"
|
||||
],
|
||||
"cwd": "/",
|
||||
"capabilities": [],
|
||||
"rlimits": [
|
||||
{
|
||||
"type": "RLIMIT_NOFILE",
|
||||
"hard": 1024,
|
||||
"soft": 1024
|
||||
}
|
||||
],
|
||||
"noNewPrivileges": true
|
||||
},
|
||||
"root": {
|
||||
"path": "rootfs",
|
||||
"readonly": true
|
||||
},
|
||||
"hostname": "elegant_albattani",
|
||||
"mounts": [
|
||||
{
|
||||
"destination": "/usr/bin/docker",
|
||||
"type": "bind",
|
||||
"source": "/usr/bin/docker",
|
||||
"options": [
|
||||
"ro",
|
||||
"rbind",
|
||||
"rprivate"
|
||||
]
|
||||
},
|
||||
{
|
||||
"destination": "/tmp",
|
||||
"type": "tmpfs",
|
||||
"source": "tmpfs",
|
||||
"options": [
|
||||
"nosuid",
|
||||
"noexec",
|
||||
"nodev",
|
||||
"strictatime",
|
||||
"mode=1755",
|
||||
"size=65536k"
|
||||
]
|
||||
},
|
||||
{
|
||||
"destination": "/var/run/docker.sock",
|
||||
"type": "bind",
|
||||
"source": "/var/run/docker.sock",
|
||||
"options": [
|
||||
"ro",
|
||||
"rbind",
|
||||
"rprivate"
|
||||
]
|
||||
},
|
||||
{
|
||||
"destination": "/etc/resolv.conf",
|
||||
"type": "bind",
|
||||
"source": "/etc/resolv.conf",
|
||||
"options": [
|
||||
"ro",
|
||||
"rbind",
|
||||
"rprivate"
|
||||
]
|
||||
},
|
||||
{
|
||||
"destination": "/proc",
|
||||
"type": "proc",
|
||||
"source": "proc"
|
||||
},
|
||||
{
|
||||
"destination": "/dev",
|
||||
"type": "tmpfs",
|
||||
"source": "tmpfs",
|
||||
"options": [
|
||||
"nosuid",
|
||||
"strictatime",
|
||||
"mode=755",
|
||||
"size=65536k"
|
||||
]
|
||||
},
|
||||
{
|
||||
"destination": "/dev/pts",
|
||||
"type": "devpts",
|
||||
"source": "devpts",
|
||||
"options": [
|
||||
"nosuid",
|
||||
"noexec",
|
||||
"newinstance",
|
||||
"ptmxmode=0666",
|
||||
"mode=0620",
|
||||
"gid=5"
|
||||
]
|
||||
},
|
||||
{
|
||||
"destination": "/dev/shm",
|
||||
"type": "tmpfs",
|
||||
"source": "shm",
|
||||
"options": [
|
||||
"nosuid",
|
||||
"noexec",
|
||||
"nodev",
|
||||
"mode=1777",
|
||||
"size=65536k"
|
||||
]
|
||||
},
|
||||
{
|
||||
"destination": "/dev/mqueue",
|
||||
"type": "mqueue",
|
||||
"source": "mqueue",
|
||||
"options": [
|
||||
"nosuid",
|
||||
"noexec",
|
||||
"nodev"
|
||||
]
|
||||
},
|
||||
{
|
||||
"destination": "/sys",
|
||||
"type": "sysfs",
|
||||
"source": "sysfs",
|
||||
"options": [
|
||||
"nosuid",
|
||||
"noexec",
|
||||
"nodev"
|
||||
]
|
||||
},
|
||||
{
|
||||
"destination": "/sys/fs/cgroup",
|
||||
"type": "cgroup",
|
||||
"source": "cgroup",
|
||||
"options": [
|
||||
"nosuid",
|
||||
"noexec",
|
||||
"nodev",
|
||||
"relatime",
|
||||
"ro"
|
||||
]
|
||||
}
|
||||
],
|
||||
"hooks": {},
|
||||
"linux": {
|
||||
"resources": {
|
||||
"devices": [
|
||||
{
|
||||
"allow": false,
|
||||
"access": "rwm"
|
||||
}
|
||||
]
|
||||
},
|
||||
"namespaces": [
|
||||
{
|
||||
"type": "pid"
|
||||
},
|
||||
{
|
||||
"type": "ipc"
|
||||
},
|
||||
{
|
||||
"type": "uts"
|
||||
},
|
||||
{
|
||||
"type": "mount"
|
||||
}
|
||||
],
|
||||
"maskedPaths": [
|
||||
"/proc/kcore",
|
||||
"/proc/latency_stats",
|
||||
"/proc/timer_list",
|
||||
"/proc/timer_stats",
|
||||
"/proc/sched_debug",
|
||||
"/sys/firmware"
|
||||
],
|
||||
"readonlyPaths": [
|
||||
"/proc/asound",
|
||||
"/proc/bus",
|
||||
"/proc/fs",
|
||||
"/proc/irq",
|
||||
"/proc/sys",
|
||||
"/proc/sysrq-trigger"
|
||||
]
|
||||
}
|
||||
}
|