#  ____                      _       _ _
# / ___| _ __   _____      _(_) __ _(_) |
# \___ \| '_ \ / _ \ \ /\ / / |/ _` | | |
#  ___) | | | | (_) \ V  V /| | (_| | | |
# |____/|_| |_|\___/ \_/\_/_/ |\__,_|_|_|
#                         |__/
#
# Snowjail Default Configuration File
#   generated by Snowjail version 0.1.0

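# Number of CPU cores that the jailed application is allowed to use.
# Fractions are accepted: 2.5 lets the application fully use 2 cores and half
# of another core.
# Use -1 to allow full CPU usage.
# NOTE(review): with -1 the jail has no CPU ceiling, so a runaway or hostile
# workload can compete with the host for every core. Set an explicit value
# when jailing code you do not trust.
cpu: -1

# In megabytes, the maximum RAM the jailed application can use.
# The application will be killed if it tries to use more memory than allowed.
# Use -1 to allow full RAM usage.
# NOTE(review): -1 leaves memory unbounded; see 'enforce_ram' below for
# whether a configured limit is actually applied as a hard limit.
ram: -1

# Whether the RAM limit (set in the option above) should be enforced.
# When disabled, memory requests MAY be denied but will not always be denied,
# so 'ram' should only be treated as a hard limit when this is true.
enforce_ram: false

# In megabytes, the maximum swap memory the jailed application can use.
# The application will be killed if it tries to use more swap than allowed and
# the memory is full.
# Use -1 to allow full swap usage (as much as the host system allows).
swap: -1

# Whether to allow writing to the application's directory.
# Make sure your application supports running from a read-only directory
# before disabling this option.
# A read-only directory keeps the jailed process from modifying its own code
# and data in that directory, so prefer false when the application allows it.
readwrite: true

# Whether to allow this application to access the system's hardware.
# This WILL reduce security as it can be used to bypass jailing.
# Keep this false unless the application cannot work without it.
hardware: false

# The base Docker image to be used for the jail.
# Snowjail recommends using 'ubuntu:latest'.
# NOTE(review): ':latest' is a mutable tag. What it resolves to changes over
# time, so two jails built from this file can run different base systems.
# For reproducible, auditable jails pin a release tag and digest instead,
# e.g. 'ubuntu:<release>@sha256:<digest>' (placeholder values).
image: ubuntu:latest

# An array of commands to execute once the jail is running.
# Each command is an array of arguments:
# index 0 is the command, index 1 and onwards are its arguments.
# The jail will be destroyed once the last command is terminated.
#
# NOTE(review), for anyone adapting this default list:
#  - The third command downloads a setup script and pipes it straight into
#    bash with no checksum or signature verification, so whatever the remote
#    endpoint serves is executed inside the jail. Prefer fetching the script
#    to a file, verifying it against a known-good hash, and only then running
#    it, or use a base image that already ships the runtime.
#  - In a 'curl ... | bash' pipeline the exit status is bash's, not curl's,
#    so a failed download is not reported as a failure of that command.
#  - 'setup_17.x' selects Node.js 17, a non-LTS release line that is
#    end-of-life and no longer receives security fixes. Move to a supported
#    LTS line.
#  - 'cd /snowjail/*' relies on the glob matching a single directory;
#    presumably the application directory is the only entry under /snowjail
#    (confirm).
#  - Whether Snowjail stops at the first failing command is not visible from
#    this file (confirm before relying on earlier steps having succeeded).
commands:
  - ["apt-get", "update", "-y"]
  - ["apt-get", "install", "-y", "curl"]
  - ["bash", "-c", "curl -fsSL https://deb.nodesource.com/setup_17.x | bash -"]
  - ["apt-get", "install", "-y", "nodejs"]
  - ["bash", "-c", "cd /snowjail/* && node index.js"]

# Ports to forward to the host, written as "HOST:GUEST".
# The left part is the port on the host, the right part is the port on the
# guest.
# Entries are quoted so every YAML parser reads them as strings: unquoted
# digits-and-colons values such as 22:22 are parsed as base-60 integers by
# YAML 1.1 parsers.
# Every forwarded port is an entry point into the jailed application, so
# forward only what it needs.
# NOTE(review): whether the host side listens on all interfaces or only on
# loopback is not shown in this file (confirm).
ports:
  - "8081:8081"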