17 lines
456 B
Bash
Executable File
17 lines
456 B
Bash
Executable File
#!/bin/bash
|
|
|
|
# NOTE!
|
|
# when you mount the docker socket into the docker container
|
|
# this is equivalent to giving it root on the outside host.
|
|
# the jobs run via this tool should not be able to exploit this,
|
|
# but it's possible that they can, so don't assume that jobs execute
|
|
# in an isolated security context.
|
|
|
|
docker run \
|
|
--name strpcd \
|
|
-v /var/run/docker.sock:/var/run/docker.sock \
|
|
-v /storage/strpc:/rpc \
|
|
--restart always \
|
|
-d \
|
|
sneak/strpcd
|