add custom seccomp profile
@@ -341,6 +341,7 @@ func commandDaemon(daemon Daemon) *exec.Cmd {
|
|||||||
args := []string{
|
args := []string{
|
||||||
"--data-root", daemon.StoragePath,
|
"--data-root", daemon.StoragePath,
|
||||||
"--host=unix:///var/run/docker.sock",
|
"--host=unix:///var/run/docker.sock",
|
||||||
|
"--seccomp-profile=/etc/docker/default.json",
|
||||||
}
|
}
|
||||||
|
|
||||||
if daemon.StorageDriver != "" {
|
if daemon.StorageDriver != "" {
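Review bot: `"--seccomp-profile=/etc/docker/default.json"` is appended unconditionally in the `args` literal, so the plugin binary now depends on a file that only the Dockerfiles touched in this commit create. Presumably dockerd will fail to start wherever that path is missing, which is worth confirming for any image built outside these three Dockerfiles. Consider making it opt-in, the way the storage driver is handled just below: a `SeccompProfile string` field on `Daemon` and `if daemon.SeccompProfile != "" { args = append(args, "--seccomp-profile", daemon.SeccompProfile) }`. Whichever form is kept, a comment such as `// custom profile: upstream default with ERRNO actions rewritten to TRACE (see Dockerfile)` would tell a reader that this replaces Docker's built-in default. `commandDaemon` starts before and continues past this hunk.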
|
||||||
|
|||||||
@@ -2,5 +2,14 @@ FROM docker:19.03.8-dind
|
|||||||
|
|
||||||
ENV DOCKER_HOST=unix:///var/run/docker.sock
|
ENV DOCKER_HOST=unix:///var/run/docker.sock
|
||||||
|
|
||||||
|
RUN apk --update add --virtual .build-deps curl && \
|
||||||
|
mkdir -p /etc/docker/ && \
|
||||||
|
curl -SsL -o /etc/docker/default.json https://raw.githubusercontent.com/moby/moby/19.03/profiles/seccomp/default.json && \
|
||||||
|
sed -i 's/SCMP_ACT_ERRNO/SCMP_ACT_TRACE/g' /etc/docker/default.json && \
|
||||||
|
chmod 600 /etc/docker/default.json && \
|
||||||
|
apk del .build-deps && \
|
||||||
|
rm -rf /var/cache/apk/* && \
|
||||||
|
rm -rf /tmp/*
|
||||||
|
|
||||||
ADD release/linux/amd64/drone-docker /bin/
|
ADD release/linux/amd64/drone-docker /bin/
|
||||||
ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-docker"]
|
ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-docker"]
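Review bot: The seccomp profile in the new `RUN` block is downloaded at build time from the mutable `19.03` branch with no integrity check, and `curl -SsL` has no `-f`, so an HTTP error body or a changed upstream file would be installed silently as `/etc/docker/default.json`. Pin the URL to a commit and verify the digest, e.g. `curl -fSsL -o /etc/docker/default.json https://raw.githubusercontent.com/moby/moby/<PINNED_COMMIT_SHA>/profiles/seccomp/default.json && \` followed by `echo "<EXPECTED_SHA256>  /etc/docker/default.json" | sha256sum -c - && \`, or vendor the edited JSON in the repository and `COPY` it. The global `sed` rewrites every occurrence of `SCMP_ACT_ERRNO` to `SCMP_ACT_TRACE`, so a syscall outside the allowlist is no longer denied outright; the decision goes to a ptrace tracer when one is attached, and the call fails with ENOSYS only when none is. A comment explaining why that trade-off is needed, with the substitution limited to the one action that requires it, would make the weakening reviewable. The same block is repeated in the arm32v6 and arm64v8 Dockerfile hunks below.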
|
||||||
|
|||||||
@@ -2,5 +2,14 @@ FROM arm32v6/docker:19.03.8-dind
|
|||||||
|
|
||||||
ENV DOCKER_HOST=unix:///var/run/docker.sock
|
ENV DOCKER_HOST=unix:///var/run/docker.sock
|
||||||
|
|
||||||
|
RUN apk --update add --virtual .build-deps curl && \
|
||||||
|
mkdir -p /etc/docker/ && \
|
||||||
|
curl -SsL -o /etc/docker/default.json https://raw.githubusercontent.com/moby/moby/19.03/profiles/seccomp/default.json && \
|
||||||
|
sed -i 's/SCMP_ACT_ERRNO/SCMP_ACT_TRACE/g' /etc/docker/default.json && \
|
||||||
|
chmod 600 /etc/docker/default.json && \
|
||||||
|
apk del .build-deps && \
|
||||||
|
rm -rf /var/cache/apk/* && \
|
||||||
|
rm -rf /tmp/*
|
||||||
|
|
||||||
ADD release/linux/arm/drone-docker /bin/
|
ADD release/linux/arm/drone-docker /bin/
|
||||||
ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-docker"]
|
ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-docker"]
|
||||||
|
|||||||
@@ -2,5 +2,14 @@ FROM arm64v8/docker:19.03.8-dind
|
|||||||
|
|
||||||
ENV DOCKER_HOST=unix:///var/run/docker.sock
|
ENV DOCKER_HOST=unix:///var/run/docker.sock
|
||||||
|
|
||||||
|
RUN apk --update add --virtual .build-deps curl && \
|
||||||
|
mkdir -p /etc/docker/ && \
|
||||||
|
curl -SsL -o /etc/docker/default.json https://raw.githubusercontent.com/moby/moby/19.03/profiles/seccomp/default.json && \
|
||||||
|
sed -i 's/SCMP_ACT_ERRNO/SCMP_ACT_TRACE/g' /etc/docker/default.json && \
|
||||||
|
chmod 600 /etc/docker/default.json && \
|
||||||
|
apk del .build-deps && \
|
||||||
|
rm -rf /var/cache/apk/* && \
|
||||||
|
rm -rf /tmp/*
|
||||||
|
|
||||||
ADD release/linux/arm64/drone-docker /bin/
|
ADD release/linux/arm64/drone-docker /bin/
|
||||||
ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-docker"]
|
ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-docker"]
|
||||||
|
|||||||