v3 - Remove the use of unshare + privileged mode and instead (#195)

use seccomp to filter for socket syscalls
This commit is contained in:
Victor Frazao 2021-04-06 20:31:30 -04:00 committed by GitHub
parent f6a4e67d5f
commit 552fb91c6b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 75 additions and 10 deletions

View file

@ -3,12 +3,10 @@ version: '2.7'
services:
piston_api:
build: api
cap_add:
- CAP_SYS_ADMIN
restart: always
ports:
- 2000:2000
volumes:
- ./data/piston:/piston
tmpfs:
- /piston/jobs:exec
- /piston/jobs:exec