linuxkit/projects/ima-namespace/ima-namespace.yml

kernel:
  image: linuxkit/kernel-ima:4.11.1-186dd3605ee7b23214850142f8f02b4679dbd148
  cmdline: "console=ttyS0 console=tty0 page_poison=1 ima_appraise=enforce_ns"
init:
  - linuxkit/init:e93b0bf37b030238d33e04b98e90d087637f3d2c
  - linuxkit/runc:f79954950022fea76b8b6f10de58cb48e4fb3878
  - linuxkit/containerd:6ef473a228db6f6ee163f9b9a051102a1552a4ef
  - linuxkit/ca-certificates:abfc6701b9ca17e34ac9439ce5946a247e720ff5
  - linuxkit/ima-utils:dfeb3896fd29308b80ff9ba7fe5b8b767e40ca29
onboot:
  - name: sysctl
    image: linuxkit/sysctl:541f60fe3676611328e89e8bac251fc636b1a6aa
  - name: dhcpcd
    image: linuxkit/dhcpcd:2f8a9b670aa6e96a09db56ec45c9f07ef2a811ee
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services:
  - name: rngd
    image: linuxkit/rngd:7fab61cca793113280397dcee8159f35dc37adcb
  - name: nginx
    image: nginx:1.13.8-alpine
    capabilities:
     - CAP_NET_BIND_SERVICE
     - CAP_CHOWN
     - CAP_SETUID
     - CAP_SETGID
     - CAP_DAC_OVERRIDE
files:
  - path: etc/docker/daemon.json
    contents: '{"debug": true}'
trust:
  org:
    - linuxkit
    - library