Created
March 16, 2017 16:00
| { | |
| "ociVersion": "1.0.0", | |
| "platform": { | |
| "os": "linux", | |
| "arch": "amd64" | |
| }, | |
| "process": { | |
| "terminal": false, | |
| "user": {}, | |
| "args": [ | |
| "/usr/bin/vmtoolsd" | |
| ], | |
| "env": [ | |
| "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", | |
| "TERM=xterm", | |
| "NAME=open-vm-tools", | |
| "SYSTEMD_IGNORE_CHROOT=1" | |
| ], | |
| "cwd": "/", | |
| "capabilities": [ | |
| "CAP_CHOWN", | |
| "CAP_DAC_OVERRIDE", | |
| "CAP_DAC_READ_SEARCH", | |
| "CAP_FOWNER", | |
| "CAP_FSETID", | |
| "CAP_KILL", | |
| "CAP_SETGID", | |
| "CAP_SETUID", | |
| "CAP_SETPCAP", | |
| "CAP_LINUX_IMMUTABLE", | |
| "CAP_NET_BIND_SERVICE", | |
| "CAP_NET_BROADCAST", | |
| "CAP_NET_ADMIN", | |
| "CAP_NET_RAW", | |
| "CAP_IPC_LOCK", | |
| "CAP_IPC_OWNER", | |
| "CAP_SYS_MODULE", | |
| "CAP_SYS_RAWIO", | |
| "CAP_SYS_CHROOT", | |
| "CAP_SYS_PTRACE", | |
| "CAP_SYS_PACCT", | |
| "CAP_SYS_ADMIN", | |
| "CAP_SYS_BOOT", | |
| "CAP_SYS_NICE", | |
| "CAP_SYS_RESOURCE", | |
| "CAP_SYS_TIME", | |
| "CAP_SYS_TTY_CONFIG", | |
| "CAP_MKNOD", | |
| "CAP_LEASE", | |
| "CAP_AUDIT_WRITE", | |
| "CAP_AUDIT_CONTROL", | |
| "CAP_SETFCAP", | |
| "CAP_MAC_OVERRIDE", | |
| "CAP_MAC_ADMIN", | |
| "CAP_SYSLOG", | |
| "CAP_WAKE_ALARM", | |
| "CAP_BLOCK_SUSPEND" | |
| ], | |
| "rlimits": [ | |
| { | |
| "type": "RLIMIT_NOFILE", | |
| "hard": 1024, | |
| "soft": 1024 | |
| } | |
| ], | |
| "noNewPrivileges": false | |
| }, | |
| "root": { | |
| "path": "rootfs", | |
| "readonly": true | |
| }, | |
| "mounts": [ | |
| { | |
| "destination": "/run/systemd", | |
| "type": "bind", | |
| "source": "/run/systemd", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/etc/adjtime", | |
| "type": "bind", | |
| "source": "/etc/adjtime", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/etc/hosts", | |
| "type": "bind", | |
| "source": "/etc/hosts", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/tmp", | |
| "type": "bind", | |
| "source": "/tmp", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/etc/sysconfig", | |
| "type": "bind", | |
| "source": "/etc/sysconfig", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/etc/resolv.conf", | |
| "type": "bind", | |
| "source": "/etc/resolv.conf", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/etc/shadow", | |
| "type": "bind", | |
| "source": "/etc/shadow", | |
| "options": [ | |
| "ro", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/sys/fs/cgroup", | |
| "type": "bind", | |
| "source": "/sys/fs/cgroup", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate", | |
| "ro" | |
| ] | |
| }, | |
| { | |
| "destination": "/hostproc", | |
| "type": "bind", | |
| "source": "/proc", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/etc/hostname", | |
| "type": "bind", | |
| "source": "/etc/hostname", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/sysroot", | |
| "type": "bind", | |
| "source": "/sysroot", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/etc/passwd", | |
| "type": "bind", | |
| "source": "/etc/passwd", | |
| "options": [ | |
| "ro", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/usr/share/zoneinfo", | |
| "type": "bind", | |
| "source": "/usr/share/zoneinfo", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/var/lib/sss/pipes", | |
| "type": "bind", | |
| "source": "/var/lib/sss/pipes", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/etc/nsswitch.conf", | |
| "type": "bind", | |
| "source": "/etc/nsswitch.conf", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/var/log", | |
| "type": "bind", | |
| "source": "/var/log", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/host", | |
| "type": "bind", | |
| "source": "/", | |
| "options": [ | |
| "rw", | |
| "rbind", | |
| "rprivate" | |
| ] | |
| }, | |
| { | |
| "destination": "/proc", | |
| "type": "proc", | |
| "source": "proc" | |
| }, | |
| { | |
| "type": "bind", | |
| "source": "/dev", | |
| "destination": "/dev", | |
| "options": [ | |
| "rbind", | |
| "rw", | |
| "mode=755" | |
| ] | |
| }, | |
| { | |
| "destination": "/dev/pts", | |
| "type": "devpts", | |
| "source": "devpts", | |
| "options": [ | |
| "nosuid", | |
| "noexec", | |
| "newinstance", | |
| "ptmxmode=0666", | |
| "mode=0620", | |
| "gid=5" | |
| ] | |
| }, | |
| { | |
| "destination": "/dev/shm", | |
| "type": "tmpfs", | |
| "source": "shm", | |
| "options": [ | |
| "nosuid", | |
| "noexec", | |
| "nodev", | |
| "mode=1777", | |
| "size=65536k" | |
| ] | |
| }, | |
| { | |
| "destination": "/dev/mqueue", | |
| "type": "mqueue", | |
| "source": "mqueue", | |
| "options": [ | |
| "nosuid", | |
| "noexec", | |
| "nodev" | |
| ] | |
| }, | |
| { | |
| "destination": "/sys", | |
| "type": "sysfs", | |
| "source": "sysfs", | |
| "options": [ | |
| "nosuid", | |
| "noexec", | |
| "nodev", | |
| "ro" | |
| ] | |
| }, | |
| { | |
| "destination": "/sys/fs/cgroup", | |
| "type": "cgroup", | |
| "source": "cgroup", | |
| "options": [ | |
| "nosuid", | |
| "noexec", | |
| "nodev", | |
| "relatime", | |
| "ro" | |
| ] | |
| } | |
| ], | |
| "hooks": {}, | |
| "linux": { | |
| "resources": { | |
| "devices": [ | |
| { | |
| "allow": false, | |
| "access": "rwm" | |
| } | |
| ] | |
| }, | |
| "namespaces": [ | |
| { | |
| "type": "ipc" | |
| }, | |
| { | |
| "type": "mount" | |
| } | |
| ] | |
| } | |
| } |