github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-10-29 15:54:47 +00:00
Code Issues Projects Releases Wiki Activity
Files
6c83b98a409fbe6e2bc18f279dcab9fcb15cbc4f
linuxkit/pkg/auditd/Dockerfile
Tycho Andersen 740b97cc90 auditd: update image hash 
Riyaz has actually pushed this hash, so let's use it.

Signed-off-by: Tycho Andersen <tycho@docker.com>
2017-06-28 16:44:54 -06:00

30 lines
942 B
Docker
Raw Blame History

FROM linuxkit/alpine:77e00ca02b6ee1bc0ad9cd595acf3f36917b028c AS build
RUN apk add abuild gcc git
ADD build.sh /
RUN adduser -D -G abuild builder && sudo -u builder /build.sh
FROM linuxkit/alpine:77e00ca02b6ee1bc0ad9cd595acf3f36917b028c AS mirror
COPY --from=build /home/builder/*apk /
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --initdb -p /out alpine-baselayout tini
RUN apk add --allow-untrusted -p /out /*apk
# Remove apk residuals. We have a read-only rootfs, so apk is of no use.
RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
FROM scratch
ENTRYPOINT []
CMD []
WORKDIR /
COPY --from=mirror /out/ /
COPY auditd.conf /etc/audit
COPY audit.rules /etc/audit
COPY runaudit.sh /usr/bin
CMD ["/sbin/tini", "/usr/bin/runaudit.sh"]
LABEL org.mobyproject.config='{"pid": "host", "binds": ["/var/log:/var/log"], "capabilities": ["CAP_AUDIT_CONTROL", "CAP_AUDIT_READ", "CAP_AUDIT_WRITE", "CAP_SYS_NICE"]}'
Reference in New Issue View Git Blame Copy Permalink