Skip to content

Instantly share code, notes, and snippets.

@dav1x

dav1x/config.json

Created March 16, 2017 16:00
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save dav1x/0d990fa025f9f8056b7bb6b89070137c to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save dav1x/0d990fa025f9f8056b7bb6b89070137c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
config.json
{
"ociVersion": "1.0.0",
"platform": {
"os": "linux",
"arch": "amd64"
},
"process": {
"terminal": false,
"user": {},
"args": [
"/usr/bin/vmtoolsd"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm",
"NAME=open-vm-tools",
"SYSTEMD_IGNORE_CHROOT=1"
],
"cwd": "/",
"capabilities": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_PACCT",
"CAP_SYS_ADMIN",
"CAP_SYS_BOOT",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
"CAP_MAC_ADMIN",
"CAP_SYSLOG",
"CAP_WAKE_ALARM",
"CAP_BLOCK_SUSPEND"
],
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 1024,
"soft": 1024
}
],
"noNewPrivileges": false
},
"root": {
"path": "rootfs",
"readonly": true
},
"mounts": [
{
"destination": "/run/systemd",
"type": "bind",
"source": "/run/systemd",
"options": [
"rw",
"rbind",
"rprivate"
]
},
{
"destination": "/etc/adjtime",
"type": "bind",
"source": "/etc/adjtime",
"options": [
"rw",
"rbind",
"rprivate"
]
},
{
"destination": "/etc/hosts",
"type": "bind",
"source": "/etc/hosts",
"options": [
"rw",
"rbind",
"rprivate"
]
},
{
"destination": "/tmp",
"type": "bind",
"source": "/tmp",
"options": [
"rw",
"rbind",
"rprivate"
]
},
{
"destination": "/etc/sysconfig",
"type": "bind",
"source": "/etc/sysconfig",
"options": [
"rw",
"rbind",
"rprivate"
]
},
{
"destination": "/etc/resolv.conf",
"type": "bind",
"source": "/etc/resolv.conf",
"options": [
"rw",
"rbind",
"rprivate"
]
},
{
"destination": "/etc/shadow",
"type": "bind",
"source": "/etc/shadow",
"options": [
"ro",
"rbind",
"rprivate"
]
},
{
"destination": "/sys/fs/cgroup",
"type": "bind",
"source": "/sys/fs/cgroup",
"options": [
"rw",
"rbind",
"rprivate",
"ro"
]
},
{
"destination": "/hostproc",
"type": "bind",
"source": "/proc",
"options": [
"rw",
"rbind",
"rprivate"
]
},
{
"destination": "/etc/hostname",
"type": "bind",
"source": "/etc/hostname",
"options": [
"rw",
"rbind",
"rprivate"
]
},
{
"destination": "/sysroot",
"type": "bind",
"source": "/sysroot",
"options": [
"rw",
"rbind",
"rprivate"
]
},
{
"destination": "/etc/passwd",
"type": "bind",
"source": "/etc/passwd",
"options": [
"ro",
"rbind",
"rprivate"
]
},
{
"destination": "/usr/share/zoneinfo",
"type": "bind",
"source": "/usr/share/zoneinfo",
"options": [
"rw",
"rbind",
"rprivate"
]
},
{
"destination": "/var/lib/sss/pipes",
"type": "bind",
"source": "/var/lib/sss/pipes",
"options": [
"rw",
"rbind",
"rprivate"
]
},
{
"destination": "/etc/nsswitch.conf",
"type": "bind",
"source": "/etc/nsswitch.conf",
"options": [
"rw",
"rbind",
"rprivate"
]
},
{
"destination": "/var/log",
"type": "bind",
"source": "/var/log",
"options": [
"rw",
"rbind",
"rprivate"
]
},
{
"destination": "/host",
"type": "bind",
"source": "/",
"options": [
"rw",
"rbind",
"rprivate"
]
},
{
"destination": "/proc",
"type": "proc",
"source": "proc"
},
{
"type": "bind",
"source": "/dev",
"destination": "/dev",
"options": [
"rbind",
"rw",
"mode=755"
]
},
{
"destination": "/dev/pts",
"type": "devpts",
"source": "devpts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620",
"gid=5"
]
},
{
"destination": "/dev/shm",
"type": "tmpfs",
"source": "shm",
"options": [
"nosuid",
"noexec",
"nodev",
"mode=1777",
"size=65536k"
]
},
{
"destination": "/dev/mqueue",
"type": "mqueue",
"source": "mqueue",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys",
"type": "sysfs",
"source": "sysfs",
"options": [
"nosuid",
"noexec",
"nodev",
"ro"
]
},
{
"destination": "/sys/fs/cgroup",
"type": "cgroup",
"source": "cgroup",
"options": [
"nosuid",
"noexec",
"nodev",
"relatime",
"ro"
]
}
],
"hooks": {},
"linux": {
"resources": {
"devices": [
{
"allow": false,
"access": "rwm"
}
]
},
"namespaces": [
{
"type": "ipc"
},
{
"type": "mount"
}
]
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment