fickit/rsync: increase overall security

2019-01-17 08:13:11 +01:00 · 2019-01-17 08:13:11 +01:00 · 5a144a26f9
commit 5a144a26f9
parent 5e9e45da03
4 changed files with 18 additions and 11 deletions
--- a/fickit-pkg/rsync/Dockerfile
+++ b/fickit-pkg/rsync/Dockerfile
@ -23,4 +23,3 @@ COPY etc/ /etc/
 COPY usr/ /usr/
 RUN mkdir -p /etc/ssh /root/.ssh && chmod 0700 /root/.ssh
 CMD ["/sbin/tini", "/usr/bin/ssh.sh"]
-LABEL org.mobyproject.config='{"pid": "host", "binds": ["/root/.ssh:/root/.ssh", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/containers:/containers","/var/log:/var/log","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'
--- a/fickit-pkg/rsync/build.yml
+++ b/fickit-pkg/rsync/build.yml
@ -1,2 +1,11 @@
 image: rsync
 network: true
+config:
+  binds:
+    - /root/.ssh:/root/.ssh
+    - /etc/resolv.conf:/etc/resolv.conf
+  capabilities:
+    - CAP_NET_BIND_SERVICE
+  pid: new
+  ipc: new
+  uts: new