From 3aead78f36de9fa45cede45002ba48029cf63f4a Mon Sep 17 00:00:00 2001
From: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
Date: Sun, 9 Apr 2017 12:09:06 -0700
Subject: [PATCH] landlock: example yml

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
---
 projects/landlock/landlock.yml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 projects/landlock/landlock.yml

diff --git a/projects/landlock/landlock.yml b/projects/landlock/landlock.yml
new file mode 100644
index 000000000..9beb544c6
--- /dev/null
+++ b/projects/landlock/landlock.yml
@@ -0,0 +1,31 @@
+kernel:
+  image: "mobylinux/kernel-landlock:4.9.x"
+  cmdline: "console=ttyS0 page_poison=1"
+init:
+  - mobylinux/init:4a731380d1d9b29472c7de165a1cdf93136ab1e7
+  - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
+  - mobylinux/containerd:c7f6ecdcbcb615a53edee556ba03c7c873bc8488
+  - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
+onboot:
+  - name: sysctl
+    image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c"
+    net: host
+    pid: host
+    ipc: host
+    capabilities:
+     - CAP_SYS_ADMIN
+    readonly: true
+services:
+  - name: rngd
+    image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92"
+    capabilities:
+     - CAP_SYS_ADMIN
+    oomScoreAdj: -800
+    readonly: true
+files:
+  - path: etc/docker/daemon.json
+    contents: '{"debug": true}'
+outputs:
+  - format: kernel+initrd
+  - format: iso-bios
+  - format: iso-efi