holm/docker
1
0
Fork 0
forked from extern/docker
Code Issues Pull Requests Packages Projects Releases Wiki Activity

reduced container privileges

Browse Source
This commit is contained in:
chandi 2020-04-09 08:02:08 +02:00
parent cb45009e59
commit 5724e437d7
2 changed files with 3 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docker-compose.yml
View File

@ -3,11 +3,10 @@ version: '2'
services: services:
bbb: bbb:
image: bbb image: bbb
privileged: true
hostname: meet.livingutopia.org hostname: meet.livingutopia.org
cap_add: cap_add:
- NET_ADMIN
- SYS_NICE # for realtime scheduling - SYS_NICE # for realtime scheduling
- SYS_ADMIN # for systemd
environment: environment:
- container=docker - container=docker
tmpfs: tmpfs:
@ -15,7 +14,8 @@ services:
- /run/lock - /run/lock
- /tmp:exec,mode=777 - /tmp:exec,mode=777
volumes: volumes:
- ./setup.sh:/opt/docker-bbb/setup.sh - /sys/fs/cgroup:/sys/fs/cgroup:ro # for systemd
- ./setup.sh:/opt/setup.sh
- ./mod/freeswitch/vars.xml:/opt/freeswitch/conf/vars.xml - ./mod/freeswitch/vars.xml:/opt/freeswitch/conf/vars.xml
- ./mod/freeswitch/external.xml:/opt/freeswitch/conf/sip_profiles/external.xml - ./mod/freeswitch/external.xml:/opt/freeswitch/conf/sip_profiles/external.xml
- ./mod/nginx/sip.nginx:/etc/bigbluebutton/nginx/sip.nginx - ./mod/nginx/sip.nginx:/etc/bigbluebutton/nginx/sip.nginx
@ -26,7 +26,4 @@ services:
- ./mod/web/bigbluebutton.properties:/usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties - ./mod/web/bigbluebutton.properties:/usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
- ./mod/kurento/WebRtcEndpoint.conf.ini:/etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini - ./mod/kurento/WebRtcEndpoint.conf.ini:/etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini
- ./mod/bbb-webrtc-sfu/config.yml:/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml - ./mod/bbb-webrtc-sfu/config.yml:/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml
- ./rc.local:/etc/rc.local
security_opt:
- seccomp:unconfined
network_mode: host network_mode: host

2
setup.sh
View File

@ -5,8 +5,6 @@ HOST=meet.livingutopia.org
TOMCAT_USER=tomcat7 TOMCAT_USER=tomcat7
SERVLET_DIR=/usr/share/bbb-web SERVLET_DIR=/usr/share/bbb-web
echo $HOST > /etc/hostname
TURN_XML=$SERVLET_DIR/WEB-INF/classes/spring/turn-stun-servers.xml TURN_XML=$SERVLET_DIR/WEB-INF/classes/spring/turn-stun-servers.xml
while [ ! -f $SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties ]; do sleep 1; echo -n '.'; done while [ ! -f $SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties ]; do sleep 1; echo -n '.'; done