v3 - Remove the use of unshare + privileged mode and instead (#195)

use seccomp to filter for socket syscalls
Victor Frazao 2021-04-06 20:31:30 -04:00 committed by GitHub
parent f6a4e67d5f
commit 552fb91c6b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 75 additions and 10 deletions


@ -10,7 +10,7 @@ RUN for i in $(seq 1001 1500); do \
RUN apt-get update && \
apt-get install -y libxml2 gnupg tar coreutils util-linux libc6-dev \
binutils build-essential locales libpcre3-dev libevent-dev libgmp3-dev \
libncurses6 libncurses5 libedit-dev && \
libncurses6 libncurses5 libedit-dev libseccomp-dev && \
rm -rf /var/lib/apt/lists/*
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
@ -22,5 +22,7 @@ COPY ["package.json", "package-lock.json", "./"]
RUN npm i
COPY ./src ./src
RUN make -C ./src/nosocket/ all && make -C ./src/nosocket/ install
CMD [ "node", "src", "-m", "-c", "/piston/config.yaml"]
EXPOSE 2000/tcp
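Review bot: The added `RUN make -C ./src/nosocket/ all && make -C ./src/nosocket/ install` carries no comment saying that this binary is now the image's network barrier, which matters because the commit title says it replaces unshare and privileged mode. I would put `# nosocket: seccomp wrapper that filters socket syscalls; replaces the unshare + privileged-mode isolation` directly above it, so a later image cleanup does not drop the step unnoticed. The Makefile and the wrapper source are not visible here, so whether the install target stops the build on error and whether the filter fails closed cannot be confirmed from this section; both are worth checking before merge. In the first hunk `libseccomp-dev` joins an unpinned `apt-get install -y` list without `--no-install-recommends`; it is presumably needed only to compile nosocket, and pinning it would keep the filter library reproducible across rebuilds.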