mirror of
https://github.com/linuxkit/linuxkit.git
synced 2026-04-05 08:07:12 +00:00
a237b51511
By running:
./scripts/update-component-sha.sh --image linuxkit/alpine ad35b6ddbc70faa07e59a9d7dee7707c08122e8d
Signed-off-by: Ian Campbell <ijc@docker.com>
30 lines
942 B
Docker
30 lines
942 B
Docker
FROM linuxkit/alpine:ad35b6ddbc70faa07e59a9d7dee7707c08122e8d AS build
|
|
RUN apk add abuild gcc git
|
|
|
|
ADD build.sh /
|
|
RUN adduser -D -G abuild builder && sudo -u builder /build.sh
|
|
|
|
FROM linuxkit/alpine:ad35b6ddbc70faa07e59a9d7dee7707c08122e8d AS mirror
|
|
COPY --from=build /home/builder/*apk /
|
|
|
|
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
|
|
RUN apk add --initdb -p /out alpine-baselayout tini
|
|
RUN apk add --allow-untrusted -p /out /*apk
|
|
|
|
# Remove apk residuals. We have a read-only rootfs, so apk is of no use.
|
|
RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
|
|
|
|
FROM scratch
|
|
ENTRYPOINT []
|
|
CMD []
|
|
WORKDIR /
|
|
COPY --from=mirror /out/ /
|
|
|
|
COPY auditd.conf /etc/audit
|
|
COPY audit.rules /etc/audit
|
|
COPY runaudit.sh /usr/bin
|
|
|
|
CMD ["/sbin/tini", "/usr/bin/runaudit.sh"]
|
|
|
|
LABEL org.mobyproject.config='{"pid": "host", "binds": ["/var/log:/var/log"], "capabilities": ["CAP_AUDIT_CONTROL", "CAP_AUDIT_READ", "CAP_AUDIT_WRITE", "CAP_SYS_NICE"]}'
|