vinzenz/redox
0
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Update docker script for SELinux, seccomp and AppArmor enabled systems

Browse source
This commit is contained in:
Bob Sun 2017-08-23 13:09:24 -07:00 committed by GitHub
parent b70934506a
commit f6c3b992e7
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
docker/README.md
View file

@ -20,10 +20,17 @@ To unpack:
4. Builds Redox using the `redox` image. The arguments allow the container to use `fuse` and ensure the resulting files are owned by the current user. 4. Builds Redox using the `redox` image. The arguments allow the container to use `fuse` and ensure the resulting files are owned by the current user.
5. Runs Redox. 5. Runs Redox.
On selinux systems, replace #4 with: For SELinux, seccomp, and AppArmor enabled systems, please add following commands to #4 accordingly:
```
--security-opt label=disable // disable SELinux
--security-opt seccomp=unconfined // disable seccomp
--security-opt apparmor=unconfined // disable AppArmor
```
E.g., on SELinux systems, replace #4 with:
``` ```
docker run --cap-add MKNOD --cap-add SYS_ADMIN \ docker run --cap-add MKNOD --cap-add SYS_ADMIN \
-e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \ -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \
--device /dev/fuse -v "$(pwd):/home/user/src" --security-opt seccomp=unconfined --security-opt apparmor=unconfined \ --device /dev/fuse -v "$(pwd):/home/user/src" --security-opt label=disable \
--rm redox make fetch all --rm redox make fetch all
``` ```