jailConfig.cfg
# Jail configuration in protobuf text format (the field names match nsjail's
# config schema). It names the jail, retains three capabilities, sets PATH,
# mounts /proc, and bind-mounts a set of host paths at identical paths inside
# the jail. No mount below sets `rw`, and no chroot/cwd is set here.
name: "ssx-sandbox-compilation"
# ONCE: launch the jailed command a single time rather than listening/re-running.
mode: ONCE
# Only FATAL messages are logged.
# NOTE(review): this also hides warnings/errors about failed optional mounts or
# limit setup; consider a more verbose level where jail logs are used for triage.
log_level: FATAL
hostname: "HC-sandbox"
# keep_caps stays commented out, so only the capabilities listed via `cap`
# are requested for the jailed process.
# NOTE(review): CAP_SETUID, CAP_SETGID and CAP_KILL are broad for a jail whose
# name suggests it only compiles code; confirm which step needs each one and
# drop the rest (least privilege).
# keep_caps: true
cap: "CAP_SETUID"
cap: "CAP_SETGID"
cap: "CAP_KILL"
# The two overrides below are commented out, so the tool's defaults for IPC and
# user namespaces apply (presumably both enabled; confirm for the version used).
# clone_newipc: false
# clone_newuser: false
# NOTE(review): PATH ends with "." (current directory). If the working
# directory can contain untrusted files, a command name not found in the system
# directories resolves to a file there; consider removing the trailing ".".
envar: "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:."
# Mount a procfs inside the jail.
mount_proc: true
# Hard Limit
# NOTE(review): both limits are commented out, so whatever defaults the jail
# tool applies are in force; set explicit time and file-size limits if the
# jailed workload is untrusted.
# time_limit: 10
# rlimit_fsize: 256
# Toolchain and libraries: host /usr exposed at /usr; the jail fails to start
# if this mount cannot be made (mandatory).
mount {
src: '/usr'
dst: '/usr'
is_bind: true
mandatory: true
}
# NOTE(review): the whole host /etc is visible inside the jail. Anything there
# readable by the jailed uid (service configs, keys) is exposed; consider
# binding only the files the compiler needs.
mount {
src: '/etc'
dst: '/etc'
is_bind: true
mandatory: true
}
# Full /dev bind is disabled; only the two random devices below are exposed.
# mount {
# src: "/dev"
# dst: "/dev"
# is_bind: true
# }
mount {
src: "/dev/random"
dst: "/dev/random"
is_bind: true
}
mount {
src: "/dev/urandom"
dst: "/dev/urandom"
is_bind: true
}
# The stdin/stdout/stderr symlink mounts below are disabled.
# mount {
# src: "/proc/self/fd/0"
# dst: "/dev/stdin"
# is_bind: true
# is_symlink: true
# }
# mount {
# src: "/proc/self/fd/1"
# dst: "/dev/stdout"
# is_bind: true
# is_symlink: true
# }
# mount {
# src: "/proc/self/fd/2"
# dst: "/dev/stderr"
# is_bind: true
# is_symlink: true
# }
# System libraries and binaries, bound at their host paths.
mount {
src: "/lib"
dst: "/lib"
is_bind: true
}
mount {
src: "/bin"
dst: "/bin"
is_bind: true
}
mount {
src: "/sbin"
dst: "/sbin"
is_bind: true
}
mount {
src: "/lib64"
dst: "/lib64"
is_bind: true
}
# NOTE(review): /var and /run carry host runtime state (logs, spools, pid
# files, UNIX sockets). A read-only bind mount does not prevent connecting to a
# socket file, so host services listening under these paths stay reachable
# subject to the socket's file permissions. Confirm the jail needs these at
# all; if so, bind only the specific subdirectories required.
mount {
src: "/var"
dst: "/var"
is_bind: true
}
mount {
src: "/run"
dst: "/run"
is_bind: true
}
# NOTE(review): exposes the host cgroup hierarchy inside the jail, and the jail
# will not start without it (mandatory). Verify it is required by the jailed
# process rather than only by the launcher, and that it stays read-only.
mount {
src: '/sys/fs/cgroup'
dst: '/sys/fs/cgroup'
is_bind: true
mandatory: true
}