strpc/bin/prodserver

#!/bin/bash

# NOTE!
# when you mount the docker socket into the docker container
# this is equivalent to giving it root on the outside host.
# the jobs run via this tool should not be able to exploit this,
# but it's possible that they can, so don't assume that jobs execute
# in an isolated security context.

docker run \
	--name strpcd \
	-v /var/run/docker.sock:/var/run/docker.sock \
	-v /storage/strpc:/rpc \
	--restart always \
	-d \
	sneak/strpcd
almost to an alpha 2019-08-07 00:02:41 +00:00			`#!/bin/bash`

			`# NOTE!`
			`# when you mount the docker socket into the docker container`
			`# this is equivalent to giving it root on the outside host.`
			`# the jobs run via this tool should not be able to exploit this,`
			`# but it's possible that they can, so don't assume that jobs execute`
			`# in an isolated security context.`

			`docker run \`
			`--name strpcd \`
			`-v /var/run/docker.sock:/var/run/docker.sock \`
			`-v /storage/strpc:/rpc \`
			`--restart always \`
			`-d \`
			`sneak/strpcd`