This repository has been archived by the owner on May 21, 2022. It is now read-only.

Docker image with percollate. Based on alpine and running in user mode

NovelService/percollate-docker

percollate-docker

Docker image containing percollate running in user mode with a minimal set of permissions.

Get it from https://hub.docker.com/r/xiangronglin/percollate-alpine with docker pull xiangronglin/percollate-alpine

The missing permissions are added with security options (preferred) or through Linux capabilities. See this article: https://ndportmann.com/chrome-in-docker/

Security options

The required system calls are explicitly added to a whitelist. Use docker run --security-opt seccomp=seccomp.json with the provided seccomp.json. It is based on Moby's default profile, taken on 21.01.2021, and extended with the required calls: arch_prctl, chroot, clone, fanotify_init, name_to_handle_at, open_by_handle_at, setdomainname, sethostname, syslog, unshare, vhangup, setns.
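One way to check that a customised seccomp.json allows exactly the calls listed above and nothing more, as an added example that is not part of this repository. The function names and the two shortened profiles are constructed for illustration; in practice, load Moby's default profile and the provided seccomp.json with json.load.

```python
import json

# Syscalls the README says were added on top of Moby's default profile.
README_ADDED = {
    "arch_prctl", "chroot", "clone", "fanotify_init", "name_to_handle_at",
    "open_by_handle_at", "setdomainname", "sethostname", "syslog",
    "unshare", "vhangup", "setns",
}

def unconditional_allows(profile):
    """Names allowed with no argument filter and no caps/arches condition."""
    allowed = set()
    for rule in profile.get("syscalls", []):
        conditional = rule.get("args") or rule.get("includes") or rule.get("excludes")
        if rule.get("action") == "SCMP_ACT_ALLOW" and not conditional:
            allowed.update(rule.get("names", []))
    return allowed

def audit(default_profile, custom_profile, expected=README_ADDED):
    """Compare what the custom profile newly allows against the documented list."""
    added = unconditional_allows(custom_profile) - unconditional_allows(default_profile)
    return {
        "added": sorted(added),
        "undocumented": sorted(added - expected),  # allowed but not in the README
        "missing": sorted(expected - added),       # in the README but not allowed
    }

# Constructed, heavily shortened stand-ins for the two JSON files.
DEFAULT = json.loads("""{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["read", "write", "exit_group"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["clone", "unshare", "setns", "mount"], "action": "SCMP_ACT_ALLOW",
     "includes": {"caps": ["CAP_SYS_ADMIN"]}},
    {"names": ["chroot"], "action": "SCMP_ACT_ALLOW",
     "includes": {"caps": ["CAP_SYS_CHROOT"]}}
  ]
}""")
# Constructed custom profile: the README list plus one deliberate extra ("mount").
CUSTOM = json.loads(json.dumps(DEFAULT))
CUSTOM["syscalls"].append({"names": sorted(README_ADDED) + ["mount"],
                           "action": "SCMP_ACT_ALLOW"})

if __name__ == "__main__":
    print(json.dumps(audit(DEFAULT, CUSTOM), indent=2))
```

A non-empty "undocumented" list means the profile grants more than the README states; a non-empty "missing" list means a documented call is still gated by a capability or argument condition.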

Linux capabilities

Linux groups privileged operations into capabilities, which can then be assigned individually. Use docker run --cap-add=SYS_ADMIN, which contains the required ones. Beware that this is basically root with a few fewer system calls available.
