diff --git a/examples/docker.yml b/examples/docker.yml index e691ff254..e0dc654b3 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -40,7 +40,7 @@ onboot: command: ["/mount.sh", "/var/lib/docker"] services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 @@ -76,6 +76,9 @@ services: binds: - /var/lib/docker:/var/lib/docker - /lib/modules:/lib/modules +files: + - path: etc/docker/daemon.json + contents: '{"debug": true}' trust: image: - mobylinux/kernel diff --git a/examples/gcp.yml b/examples/gcp.yml index 68460cb7e..517ad7320 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -19,7 +19,7 @@ onboot: image: "mobylinux/dhcpcd:0d4012269cb142972fed8542fbdc3ff5a7b695cd" binds: - /var:/var - - /tmp:/etc + - /tmp/etc:/etc capabilities: - CAP_NET_ADMIN - CAP_NET_BIND_SERVICE @@ -30,7 +30,7 @@ onboot: image: "mobylinux/metadata-gcp:7fc3dd5ef92e0408fb3f76048bbaae88bbb55ad9" binds: - /tmp:/etc/ssh - - /etc/resolv.conf:/etc/resolv.conf + - /tmp/etc/resolv.conf:/etc/resolv.conf readonly: true net: host uts: host @@ -38,7 +38,7 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 @@ -51,7 +51,7 @@ services: pid: host binds: - /tmp/authorized_keys:/root/.ssh/authorized_keys - - /etc/resolv.conf:/etc/resolv.conf + - /tmp/etc/resolv.conf:/etc/resolv.conf - name: nginx image: "nginx:alpine" capabilities: @@ -64,9 +64,6 @@ services: trust: image: - mobylinux/kernel -files: - - path: etc/docker/daemon.json - contents: '{"debug": true}' outputs: - format: kernel+initrd - format: gcp diff --git a/examples/sshd.yml b/examples/sshd.yml index 87a106aa7..fe77f1e78 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/examples/vmware.yml b/examples/vmware.yml index a25df911d..295cb9e1f 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -17,7 +17,7 @@ onboot: readonly: true services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 @@ -45,8 +45,5 @@ services: trust: image: - mobylinux/kernel -files: - - path: etc/docker/daemon.json - contents: '{"debug": true}' outputs: - format: vmdk diff --git a/linuxkit.yml b/linuxkit.yml index 8e0c6ae19..70a910241 100644 --- a/linuxkit.yml +++ b/linuxkit.yml @@ -33,7 +33,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/projects/landlock/landlock.yml b/projects/landlock/landlock.yml index a6c39db28..728b3c38e 100644 --- a/projects/landlock/landlock.yml +++ b/projects/landlock/landlock.yml @@ -17,14 +17,11 @@ onboot: readonly: true services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 readonly: true -files: - - path: etc/docker/daemon.json - contents: '{"debug": true}' outputs: - format: kernel+initrd - format: iso-bios diff --git a/projects/selinux/selinux.yml b/projects/selinux/selinux.yml index 800521f6e..86f6dbe1f 100644 --- a/projects/selinux/selinux.yml +++ b/projects/selinux/selinux.yml @@ -14,14 +14,11 @@ onboot: readonly: true services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 readonly: true -files: - - path: etc/docker/daemon.json - contents: '{"debug": true}' outputs: - format: kernel+initrd - format: iso-bios diff --git a/projects/swarmd/swarmd.yml b/projects/swarmd/swarmd.yml index 13f7587b9..a3013a8f6 100644 --- a/projects/swarmd/swarmd.yml +++ b/projects/swarmd/swarmd.yml @@ -14,7 +14,7 @@ onboot: readonly: true services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 @@ -31,7 +31,7 @@ services: net: host oomScoreAdj: -800 - name: swarmd - image: "mobylinux/swarmd:cf11a7626278ebf17efe2780c138b4e626b02c73@sha256:7b31bb4482e6823d2aec291d13782669c22bc03c9fac1dfd7ed207d942c3c061" + image: "mobylinux/swarmd:cf11a7626278ebf17efe2780c138b4e626b02c73" command: ["/usr/bin/swarmd", "--containerd-addr=/run/containerd/containerd.sock", "--log-level=debug", "--state-dir=/var/lib/containerd/swarmd"] capabilities: - CAP_CHOWN @@ -53,9 +53,6 @@ services: - /run/containerd/containerd.sock:/run/containerd/containerd.sock - /var/lib/containerd:/var/lib/containerd - /etc/resolv.conf:/etc/resolv.conf -files: - - path: etc/docker/daemon.json - contents: '{"debug": true}' outputs: - format: kernel+initrd - format: iso-bios diff --git a/projects/wireguard/examples/wireguard.yml b/projects/wireguard/examples/wireguard.yml index 2e6548068..0d0c408a4 100644 --- a/projects/wireguard/examples/wireguard.yml +++ b/projects/wireguard/examples/wireguard.yml @@ -14,14 +14,11 @@ onboot: readonly: true services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 readonly: true -files: - - path: etc/docker/daemon.json - contents: '{"debug": true}' outputs: - format: kernel+initrd - format: iso-bios diff --git a/test/docker-bench/test-docker-bench.yml b/test/docker-bench/test-docker-bench.yml index b07086398..83a2710ee 100644 --- a/test/docker-bench/test-docker-bench.yml +++ b/test/docker-bench/test-docker-bench.yml @@ -40,7 +40,7 @@ onboot: command: ["/mount.sh", "/var/lib/docker"] services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/test/virtsock/test-virtsock-server.yml b/test/virtsock/test-virtsock-server.yml index 14b374518..4a66d37cc 100644 --- a/test/virtsock/test-virtsock-server.yml +++ b/test/virtsock/test-virtsock-server.yml @@ -21,7 +21,7 @@ onboot: readonly: true services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800