setup.json at main · jon.recoil.org/day10

A fork of mtelver's day10 project
day10 / setup.json
at main 141 lines 4.5 kB view raw
wrap content
  1{
  2  "ociVersion": "1.0.1-dev",
  3  "process": {
  4    "terminal": false,
  5    "user": { "uid": 0, "gid": 0 },
  6    "args": [
  7      "/usr/bin/env", "bash", "-c",
  8      "apt update && apt upgrade -y && apt install build-essential unzip bubblewrap git sudo curl rsync -y && adduser --disabled-password --gecos '@opam' --no-create-home --home /home/opam opam && chown -R $(id -u opam):$(id -g opam) /home/opam && su - opam -c 'opam init -k local -a /home/opam/opam-repository --bare -y' && su - opam -c 'opam switch create default --empty'"
  9    ],
 10    "env": [
 11      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
 12      "HOME=/home/opam", "OPAMYES=1", "OPAMCONFIRMLEVEL=unsafe-yes",
 13      "OPAMERRLOGLEN=0", "OPAMPRECISETRACKING=1"
 14    ],
 15    "cwd": "/home/opam",
 16    "capabilities": {
 17      "bounding": [
 18        "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FSETID", "CAP_FOWNER",
 19        "CAP_MKNOD", "CAP_SETGID", "CAP_SETUID", "CAP_SETFCAP",
 20        "CAP_SETPCAP", "CAP_SYS_CHROOT", "CAP_KILL", "CAP_AUDIT_WRITE"
 21      ],
 22      "effective": [
 23        "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FSETID", "CAP_FOWNER",
 24        "CAP_MKNOD", "CAP_SETGID", "CAP_SETUID", "CAP_SETFCAP",
 25        "CAP_SETPCAP", "CAP_SYS_CHROOT", "CAP_KILL", "CAP_AUDIT_WRITE"
 26      ],
 27      "inheritable": [
 28        "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FSETID", "CAP_FOWNER",
 29        "CAP_MKNOD", "CAP_SETGID", "CAP_SETUID", "CAP_SETFCAP",
 30        "CAP_SETPCAP", "CAP_SYS_CHROOT", "CAP_KILL", "CAP_AUDIT_WRITE"
 31      ],
 32      "permitted": [
 33        "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FSETID", "CAP_FOWNER",
 34        "CAP_MKNOD", "CAP_SETGID", "CAP_SETUID", "CAP_SETFCAP",
 35        "CAP_SETPCAP", "CAP_SYS_CHROOT", "CAP_KILL", "CAP_AUDIT_WRITE"
 36      ]
 37    },
 38    "rlimits": [ { "type": "RLIMIT_NOFILE", "hard": 1024, "soft": 1024 } ],
 39    "noNewPrivileges": false
 40  },
 41  "root": { "path": "rootfs", "readonly": false },
 42  "hostname": "builder",
 43  "mounts": [
 44    {
 45      "destination": "/home/opam/opam-repository",
 46      "type": "bind",
 47      "source": "/home/mtelvers/opam-repository",
 48      "options": [ "rbind", "rprivate" ]
 49    },
 50    {
 51      "destination": "/etc/hosts",
 52      "type": "bind",
 53      "source": "/home/mtelvers/day29/hosts",
 54      "options": [ "ro", "rbind", "rprivate" ]
 55    },
 56    {
 57      "destination": "/proc",
 58      "type": "proc",
 59      "source": "proc",
 60      "options": [ "nosuid", "noexec", "nodev" ]
 61    },
 62    {
 63      "destination": "/dev",
 64      "type": "tmpfs",
 65      "source": "tmpfs",
 66      "options": [ "nosuid", "strictatime", "mode=755", "size=65536k" ]
 67    },
 68    {
 69      "destination": "/dev/pts",
 70      "type": "devpts",
 71      "source": "devpts",
 72      "options": [
 73        "nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620",
 74        "gid=5"
 75      ]
 76    },
 77    {
 78      "destination": "/sys",
 79      "type": "sysfs",
 80      "source": "sysfs",
 81      "options": [ "nosuid", "noexec", "nodev", "ro" ]
 82    },
 83    {
 84      "destination": "/sys/fs/cgroup",
 85      "type": "cgroup",
 86      "source": "cgroup",
 87      "options": [ "ro", "nosuid", "noexec", "nodev" ]
 88    },
 89    {
 90      "destination": "/dev/shm",
 91      "type": "tmpfs",
 92      "source": "shm",
 93      "options": [ "nosuid", "noexec", "nodev", "mode=1777", "size=65536k" ]
 94    },
 95    {
 96      "destination": "/dev/mqueue",
 97      "type": "mqueue",
 98      "source": "mqueue",
 99      "options": [ "nosuid", "noexec", "nodev" ]
100    },
101    {
102      "destination": "/etc/resolv.conf",
103      "type": "bind",
104      "source": "/etc/resolv.conf",
105      "options": [ "ro", "rbind", "rprivate" ]
106    }
107  ],
108  "linux": {
109    "namespaces": [
110      { "type": "pid" },
111      { "type": "ipc" },
112      { "type": "uts" },
113      { "type": "mount" }
114    ],
115    "maskedPaths": [
116      "/proc/acpi", "/proc/asound", "/proc/kcore", "/proc/keys",
117      "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats",
118      "/proc/sched_debug", "/sys/firmware", "/proc/scsi"
119    ],
120    "readonlyPaths": [
121      "/proc/bus", "/proc/fs", "/proc/irq", "/proc/sys",
122      "/proc/sysrq-trigger"
123    ],
124    "seccomp": {
125      "defaultAction": "SCMP_ACT_ALLOW",
126      "syscalls": [
127        {
128          "names": [
129            "fsync", "fdatasync", "msync", "sync", "syncfs",
130            "sync_file_range"
131          ],
132          "action": "SCMP_ACT_ERRNO",
133          "errnoRet": 0
134        }
135      ],
136      "architectures": [
137        "SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32"
138      ]
139    }
140  }
141}