kernel:
  image: "linuxkit/kernel-ima:4.11.1-186dd3605ee7b23214850142f8f02b4679dbd148"
  cmdline: "console=ttyS0 console=tty0 page_poison=1 ima_appraise=enforce_ns"
init:
  - linuxkit/init:b3740303f3d1e5689a84c87b7dfb48fd2a40a192
  - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f
  - linuxkit/containerd:a33cdcf50b8107ffe14c92802c460fe7ada39acd
  - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d
  - linuxkit/ima-utils:dfeb3896fd29308b80ff9ba7fe5b8b767e40ca29
onboot:
  - name: sysctl
    image: "linuxkit/sysctl:3aa6bc663c2849ef239be7d941d3eaf3e6fcc018"
  - name: binfmt
    image: "linuxkit/binfmt:8ac5535f57f0c6f5fe88317b9d22a7677093c765"
  - name: dhcpcd
    image: "linuxkit/dhcpcd:7d2b8aaaf20c24ad7d11a5ea2ea5b4a80dc966f1"
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services:
  - name: rngd
    image: "linuxkit/rngd:1fa4de44c961bb5075647181891a3e7e7ba51c31"
  - name: nginx
    image: "nginx:alpine"
    capabilities:
     - CAP_NET_BIND_SERVICE
     - CAP_CHOWN
     - CAP_SETUID
     - CAP_SETGID
     - CAP_DAC_OVERRIDE
files:
  - path: etc/docker/daemon.json
    contents: '{"debug": true}'
trust:
  image:
    - linuxkit/kernel
    - linuxkit/init
    - linuxkit/runc
    - linuxkit/containerd
    - linuxkit/ca-certificates
    - linuxkit/sysctl
    - linuxkit/binfmt
    - linuxkit/dhcpcd
    - linuxkit/rngd