Diffstat (limited to 'snowjail.yml')
-rw-r--r--snowjail.yml56
1 files changed, 56 insertions, 0 deletions
diff --git a/snowjail.yml b/snowjail.yml
new file mode 100644
index 0000000..315921e
--- /dev/null
+++ b/snowjail.yml
@@ -0,0 +1,56 @@
+# ____ _ _ _
+# / ___| _ __ _____ _(_) __ _(_) |
+# \___ \| '_ \ / _ \ \ /\ / / |/ _` | | |
+# ___) | | | | (_) \ V V /| | (_| | | |
+# |____/|_| |_|\___/ \_/\_/_/ |\__,_|_|_|
+# |__/
+#
+# Snowjail Default Configuration File
+# generated by Snowjail version 0.1.0
+
+# Number of CPU cores that the jailed application is allowed to use.
+# 2.5 would allow the application to entirely use 2 cores and use half another core
+# Use -1 to allow full CPU usage
+cpu: -1
+
+# In megabytes, the maximum RAM the jailed application can use.
+# The application will be killed if it tries to use more memory than allowed.
+# Use -1 to allow full RAM usage
+ram: -1
+
+# Whether the RAM limit (set in the option above) should be enforced.
+# When disabled, memory requests MAY be denied but will not always be denied
+enforce_ram: false
+
+# In megabytes, the maximum swap memory the jailed application can use.
+# The application will be killed if it tries to use more swap than allowed and the memory is full.
+# Use -1 to allow full swap usage (as much as the host system allows)
+swap: -1
+
+# Whether allow writing to the application's directory or not
+# Make sure your application supports running from a read-only directory before disabling this option
+readwrite: true
+
+# Whether allow this application to access the system's hardware or not.
+# This WILL reduce security as it can be used to bypass jailing
+hardware: false
+
+# The base Docker image to be used for the jail.
+# Snowjail recommends using 'ubuntu:latest'
+image: ubuntu:latest
+
+# An array of commands to execute once the jail is running.
+# Command is an array of arguments.
+# Index 0 is the command, index 1 and onwards are arguments.
+# The jail will be destroyed once the last command is terminated.
+commands:
+ - ["apt-get", "update", "-y"]
+ - ["apt-get", "install", "-y", "curl"]
+ - ["bash", "-c", "curl -fsSL https://deb.nodesource.com/setup_17.x | bash -"]
+ - ["apt-get", "install", "-y", "nodejs"]
+ - ["bash", "-c", "cd /snowjail/* && node index.js"]
+
+# Ports to forward to the host.
+# The left part is port on the host, the right part is port on the guest
+ports:
+ - 8081:8081
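Review bot: The generated default pulls and runs unpinned remote content: `image: ubuntu:latest` is a mutable tag, and the third `commands` entry pipes `https://deb.nodesource.com/setup_17.x` straight into `bash` with no integrity check, so what executes inside the jail can change between starts while the config stays the same. Node.js 17 is also an end-of-life release line, so the example installs a runtime that no longer receives security fixes. I would pin a release tag in the default and its recommendation comment, e.g. `image: ubuntu:22.04`, and add a comment above `commands` such as `# Example only: the NodeSource script is downloaded and run unverified; prefer an image that already ships your runtime.` Separately, `cpu`, `ram` and `swap` all default to `-1` with `enforce_ram: false`, so a freshly generated config applies no resource limits to the jailed process; if that is intentional, the header comment should say so explicitly.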