github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-20 09:39:08 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1532 from samoht/less-caps

Browse Source 
miragesdk: remove CAP_SYS_PTRACe
This commit is contained in:
Justin Cormack 2017-04-07 11:23:57 +01:00 committed by GitHub
commit aa17afaede
3 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
projects/miragesdk/README.md
View File

@ -46,7 +46,7 @@ the hardware support is available.
a lot of architectural questions and makes subsequent protocol implementations such a lot of architectural questions and makes subsequent protocol implementations such
as HTTPS or NTP more straightforward. See [why-dhcp](why-dhcp.md) for more details. as HTTPS or NTP more straightforward. See [why-dhcp](why-dhcp.md) for more details.
- The **[roadmap](roadmap.md)** describes the architecture of the DHCP client and current - The **[roadmap](roadmap.md)** describes the architecture of the DHCP client and current
development directions. development directions.
- We are also packaging up the Alpine `dhcpcd` with the same configuration conventions - We are also packaging up the Alpine `dhcpcd` with the same configuration conventions
@ -63,6 +63,6 @@ the hardware support is available.
# Getting Started # Getting Started
``` ```
../../bin/moby examples/mirage-dhcp.yml` ../../bin/moby build examples/mirage-dhcp.yml`
../../scripts/qemu.sh mirage-dhcp-initrd.img mirage-dhcp-bzImage "$(bin/moby --cmdline mirage-dhcp.yml)" ../../bin/moby run mirage-dhcp
``` ```

3
projects/miragesdk/examples/mirage-dhcp.yml
View File

@ -1,7 +1,7 @@
kernel: kernel:
image: "mobylinux/kernel:4.9.x" image: "mobylinux/kernel:4.9.x"
cmdline: "console=ttyS0 page_poison=1" cmdline: "console=ttyS0 page_poison=1"
init: "mobylinux/init:5770b8f1c72d3b9da43951d4ce3b53d473e3dc8b" init: "mobylinux/init:9d755f7e7d108d523448e4a503f1613b7d870389@sha256:9ccb16f2d8b3a09d12f5459106763f1836c064e420a13360e2e25599337960dc"
system: system:
- name: sysctl - name: sysctl
image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c"
@ -31,7 +31,6 @@ daemon:
- CAP_NET_RAW # to read /dev/eth0 - CAP_NET_RAW # to read /dev/eth0
- CAP_SYS_ADMIN # for runc (unshare) - CAP_SYS_ADMIN # for runc (unshare)
- CAP_SETGID # for runc (setns) - CAP_SETGID # for runc (setns)
- CAP_SYS_PTRACE # for runc (read /proc/[pid]/fd)
mounts: # for runc mounts: # for runc
- type: cgroup - type: cgroup
options: ["rw","nosuid","noexec","nodev","relatime"] options: ["rw","nosuid","noexec","nodev","relatime"]

2
projects/miragesdk/pkg/init/Makefile
View File

@ -1,7 +1,7 @@
CONTAINERD_IMAGE=mobylinux/containerd:a688df6aee1e3700eb8d54dbc81070361df397a2@sha256:59ee3da05fe4dad4fbecff582c86fc30ce75e19a225eeeb07e203c9cc36fe34f CONTAINERD_IMAGE=mobylinux/containerd:a688df6aee1e3700eb8d54dbc81070361df397a2@sha256:59ee3da05fe4dad4fbecff582c86fc30ce75e19a225eeeb07e203c9cc36fe34f
CONTAINERD_BINARIES=usr/bin/containerd usr/bin/containerd-shim usr/bin/ctr usr/bin/dist CONTAINERD_BINARIES=usr/bin/containerd usr/bin/containerd-shim usr/bin/ctr usr/bin/dist
RUNC_IMAGE=mobylinux/runc:45884ad2bfad045cbf35f2b78b4c82f75fb19854@sha256:d7c4576405f2318d329f538f847927018d4e8497d7968bd3323ff047e2ffe257 RUNC_IMAGE=mobylinux/runc:f225fb93dc3e6dda1cc9004962893015b29dc2d6@sha256:e75c4b274236bd3ad9f4db0a91a6f2174c8c77009c361ab5dd7a4169406675bc
RUNC_BINARY=usr/bin/runc RUNC_BINARY=usr/bin/runc
C_COMPILE=mobylinux/c-compile:81a6bd8ff45d769b60a2ee1acdaccda11ab835c8@sha256:eac250997a3b9784d3285a03c0c8311d4ca6fb63dc75164c987411ba93006487 C_COMPILE=mobylinux/c-compile:81a6bd8ff45d769b60a2ee1acdaccda11ab835c8@sha256:eac250997a3b9784d3285a03c0c8311d4ca6fb63dc75164c987411ba93006487