mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-07-22 02:21:34 +00:00
remove unnecessary capabilities from nginx example
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
Justin Cormack
parent
7b8c615387
commit
4cfb71eafc
@ -11,7 +11,7 @@ NAME=nginx
|
|||||||
VERSION=latest
|
VERSION=latest
|
||||||
|
|
||||||
docker pull ${NAME}:${VERSION}
|
docker pull ${NAME}:${VERSION}
|
||||||
CONTAINER=$(docker create --net=host --security-opt apparmor=unconfined --oom-score-adj=-500 -v /var/log/nginx:/var/log/nginx -v /var/cache/nginx:/var/cache/nginx -v /var/run:/var/run ${NAME}:${VERSION})
|
CONTAINER=$(docker create --net=host --security-opt apparmor=unconfined --cap-drop all --cap-add net_bind_service --oom-score-adj=-500 -v /var/log/nginx:/var/log/nginx -v /var/cache/nginx:/var/cache/nginx -v /var/run:/var/run ${NAME}:${VERSION})
|
||||||
docker run -v ${PWD}:/conf -v /var/run/docker.sock:/var/run/docker.sock --rm jess/riddler -f -bundle /conf ${CONTAINER}
|
docker run -v ${PWD}:/conf -v /var/run/docker.sock:/var/run/docker.sock --rm jess/riddler -f -bundle /conf ${CONTAINER}
|
||||||
rm -rf rootfs && mkdir rootfs
|
rm -rf rootfs && mkdir rootfs
|
||||||
docker export ${CONTAINER} | tar -C rootfs -xf -
|
docker export ${CONTAINER} | tar -C rootfs -xf -
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user