#!/bin/bash

# NOTE!
# when you mount the docker socket into the docker container
# this is equivalent to giving it root on the outside host.
# the jobs run via this tool should not be able to exploit this,
# but it's possible that they can, so don't assume that jobs execute
# in an isolated security context.

docker run \
	--name strpcd \
	-v /var/run/docker.sock:/var/run/docker.sock \
	-v /storage/strpc:/rpc \
	--restart always \
	-d \
	sneak/strpcd