mirror of
https://github.com/jokob-sk/NetAlertX.git
# Expected outcome: Mounts table shows /tmp/api is mounted and writable but NOT readable (R=❌, W=✅)
# Note: This is a diagnostic-only container (entrypoint sleeps); the test chmods /tmp/api to mode 0300.
# NOTE(review): the command below ends with `exec /entrypoint.sh` rather than a
# sleep, so "entrypoint sleeps" presumably describes what /entrypoint.sh does in
# this test setup - confirm against the image.
services:
  netalertx:
    # Host networking: the container shares the host's network namespace, so
    # there is no port mapping or network isolation between the two.
    network_mode: host
    build:
      context: ../../../
      dockerfile: Dockerfile
    image: netalertx-test
    container_name: netalertx-test-mount-api_noread
    # Non-root UID:GID; the same IDs are repeated in PUID/PGID and in the tmpfs
    # uid=/gid= options below.
    user: "20211:20211"
    entrypoint:
      - /bin/sh
      - -c
      # Fault injection for this scenario: create the API directory, then set
      # mode 0300 (owner write + search, no read bit for anyone) before handing
      # control to the image's entrypoint script.
      - |
        mkdir -p /tmp/api
        chmod 0300 /tmp/api
        exec /entrypoint.sh
    # Least-privilege baseline: drop every capability, then add back a short list.
    cap_drop:
      - ALL
    # CHOWN            - change file ownership
    # NET_ADMIN        - configure interfaces, routing and firewall rules
    # NET_RAW          - open raw and packet sockets
    # NET_BIND_SERVICE - bind ports below 1024
    # SETUID / SETGID  - change process UID / GID
    # With network_mode: host, NET_ADMIN and NET_RAW act on the host's network
    # stack, so this file belongs on test hosts only.
    # NOTE(review): the process runs as a non-root user; whether it actually holds
    # these capabilities depends on how the image grants them (not visible here).
    cap_add:
      - CHOWN
      - NET_ADMIN
      - NET_RAW
      - NET_BIND_SERVICE
      - SETUID
      - SETGID
    environment:
      NETALERTX_DEBUG: 0
      PUID: 20211
      PGID: 20211
      # Persistent paths live on the named volume mounted at /data.
      NETALERTX_DATA: /data
      NETALERTX_DB: /data/db
      NETALERTX_CONFIG: /data/config
      # Runtime paths live on the /tmp tmpfs; NETALERTX_API is the directory the
      # entrypoint command above makes unreadable.
      SYSTEM_SERVICES_RUN_TMP: /tmp
      NETALERTX_API: /tmp/api
      NETALERTX_LOG: /tmp/log
      SYSTEM_SERVICES_RUN: /tmp/run
      SYSTEM_SERVICES_ACTIVE_CONFIG: /tmp/nginx/active-config

    volumes:
      - type: volume
        source: test_netalertx_data
        target: /data
        read_only: false

    # /tmp is an in-memory filesystem: sticky and world-writable (mode=1777),
    # owned by 20211:20211, with setuid binaries and device nodes disabled
    # (nosuid, nodev). noexec is not among the options, so files written under
    # /tmp remain executable.
    tmpfs:
      - "/tmp:mode=1777,uid=20211,gid=20211,rw,nosuid,nodev,async,noatime,nodiratime"

volumes:
  # Named volume with default driver settings.
  test_netalertx_data: {}