strpc/bin/prodserver

17 lines
456 B
Plaintext
Raw Permalink Normal View History

2019-08-07 00:02:41 +00:00
#!/bin/bash
# NOTE!
# when you mount the docker socket into the docker container
# this is equivalent to giving it root on the outside host.
# the jobs run via this tool should not be able to exploit this,
# but it's possible that they can, so don't assume that jobs execute
# in an isolated security context.
docker run \
--name strpcd \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /storage/strpc:/rpc \
--restart always \
-d \
sneak/strpcd