mirror of
https://github.com/jokob-sk/NetAlertX.git
synced 2026-04-03 16:51:24 -07:00
Unit tests
This commit is contained in:
Adam Outler
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -34,7 +35,7 @@ services:
|
||||
target: /tmp/nginx/active-config
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
test_netalertx_data:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -30,6 +31,6 @@ services:
|
||||
target: /data
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
test_netalertx_data:
|
||||
test_netalertx_data:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -30,6 +31,6 @@ services:
|
||||
target: /data
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
test_netalertx_data:
|
||||
test_netalertx_data:
|
||||
@@ -13,15 +13,17 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
environment:
|
||||
LISTEN_ADDR: 0.0.0.0
|
||||
PORT: 9999 # Use non-default port to test all paths
|
||||
APP_CONF_OVERRIDE: 20212
|
||||
PORT: ${PORT:-9999} # Use non-default port to test all paths
|
||||
APP_CONF_OVERRIDE: ${GRAPHQL_PORT:-26212}
|
||||
ALWAYS_FRESH_INSTALL: true
|
||||
NETALERTX_DEBUG: 0
|
||||
NETALERTX_CHECK_ONLY: ${NETALERTX_CHECK_ONLY:-1}
|
||||
SYSTEM_SERVICES_ACTIVE_CONFIG: /tmp/nginx/active-config
|
||||
|
||||
volumes:
|
||||
@@ -34,7 +36,7 @@ services:
|
||||
target: /tmp/nginx/active-config
|
||||
read_only: true
|
||||
tmpfs:
|
||||
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
test_netalertx_data:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -38,9 +39,9 @@ services:
|
||||
target: /tmp/api
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
@@ -49,4 +50,4 @@ volumes:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -34,9 +35,9 @@ services:
|
||||
target: /data/config
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
@@ -45,4 +46,4 @@ volumes:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -1,5 +1,5 @@
|
||||
# Expected outcome: Mounts table shows /tmp/api is mounted and writable but NOT readable (R=❌, W=✅)
|
||||
# Note: This is a diagnostic-only container (entrypoint sleeps); the test chmods/chowns /tmp/api to mode 0300.
|
||||
# Note: This is a diagnostic-only container (entrypoint sleeps); the test chmods /tmp/api to mode 0300.
|
||||
services:
|
||||
netalertx:
|
||||
network_mode: host
|
||||
@@ -8,15 +8,27 @@ services:
|
||||
dockerfile: Dockerfile
|
||||
image: netalertx-test
|
||||
container_name: netalertx-test-mount-api_noread
|
||||
entrypoint: ["sh", "-lc", "sleep infinity"]
|
||||
user: "20211:20211"
|
||||
entrypoint:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
mkdir -p /tmp/api
|
||||
chmod 0300 /tmp/api
|
||||
exec /entrypoint.sh
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
- SETUID
|
||||
- SETGID
|
||||
environment:
|
||||
NETALERTX_DEBUG: 0
|
||||
PUID: 20211
|
||||
PGID: 20211
|
||||
NETALERTX_DATA: /data
|
||||
NETALERTX_DB: /data/db
|
||||
NETALERTX_CONFIG: /data/config
|
||||
@@ -33,7 +45,7 @@ services:
|
||||
read_only: false
|
||||
|
||||
tmpfs:
|
||||
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp:mode=1777,uid=20211,gid=20211,rw,nosuid,nodev,async,noatime,nodiratime"
|
||||
|
||||
volumes:
|
||||
test_netalertx_data:
|
||||
test_netalertx_data:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -30,6 +31,6 @@ services:
|
||||
target: /data
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
test_netalertx_data:
|
||||
test_netalertx_data:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -38,9 +39,9 @@ services:
|
||||
target: /tmp/api
|
||||
read_only: true
|
||||
tmpfs:
|
||||
- "/tmp/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
@@ -49,4 +50,4 @@ volumes:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -0,0 +1,35 @@
|
||||
# Expected outcome: Priming fails without CAP_CHOWN when caps are fully dropped
|
||||
# - Container should exit fatally during priming
|
||||
# - Logs must explain CAP_CHOWN requirement and link to troubleshooting docs
|
||||
services:
|
||||
netalertx:
|
||||
network_mode: host
|
||||
build:
|
||||
context: ../../../
|
||||
dockerfile: Dockerfile
|
||||
image: netalertx-test
|
||||
container_name: netalertx-test-mount-cap_chown_missing
|
||||
cap_drop:
|
||||
- CHOWN
|
||||
cap_add:
|
||||
- SETUID
|
||||
- SETGID
|
||||
# Intentionally drop CHOWN to prove failure path while leaving defaults intact
|
||||
environment:
|
||||
LISTEN_ADDR: 0.0.0.0
|
||||
PORT: 9999
|
||||
APP_CONF_OVERRIDE: 20212
|
||||
ALWAYS_FRESH_INSTALL: true
|
||||
NETALERTX_DEBUG: 0
|
||||
PUID: 20211
|
||||
PGID: 20211
|
||||
|
||||
volumes:
|
||||
- type: volume
|
||||
source: test_netalertx_data
|
||||
target: /data
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
test_netalertx_data:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -30,6 +31,6 @@ services:
|
||||
target: /data
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp:mode=1700,uid=20211,gid=20211,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
test_netalertx_data:
|
||||
test_netalertx_data:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -30,10 +31,10 @@ services:
|
||||
target: /data/db
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/api:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
@@ -42,4 +43,4 @@ volumes:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -30,11 +31,11 @@ services:
|
||||
target: /data/db
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/data/config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/data/config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/api:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
@@ -43,4 +44,4 @@ volumes:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -34,10 +35,10 @@ services:
|
||||
target: /data/config
|
||||
read_only: true
|
||||
tmpfs:
|
||||
- "/tmp/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/api:mode=1700,uid=20211,gid=20211,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:mode=1700,uid=20211,gid=20211,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:mode=1700,uid=20211,gid=20211,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,uid=20211,gid=20211,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
@@ -46,4 +47,4 @@ volumes:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -8,15 +8,20 @@ services:
|
||||
dockerfile: Dockerfile
|
||||
image: netalertx-test
|
||||
container_name: netalertx-test-mount-data_noread
|
||||
entrypoint: ["sh", "-lc", "sleep infinity"]
|
||||
user: "20211:20211"
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
- SETUID
|
||||
- SETGID
|
||||
environment:
|
||||
NETALERTX_DEBUG: 0
|
||||
PUID: 20211
|
||||
PGID: 20211
|
||||
NETALERTX_DATA: /data
|
||||
NETALERTX_DB: /data/db
|
||||
NETALERTX_CONFIG: /data/config
|
||||
@@ -33,7 +38,7 @@ services:
|
||||
read_only: false
|
||||
|
||||
tmpfs:
|
||||
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
|
||||
volumes:
|
||||
test_netalertx_data:
|
||||
test_netalertx_data:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -30,6 +31,6 @@ services:
|
||||
target: /data
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
test_netalertx_data:
|
||||
test_netalertx_data:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -30,10 +31,10 @@ services:
|
||||
target: /data/config
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/api:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
@@ -42,4 +43,4 @@ volumes:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -8,15 +8,20 @@ services:
|
||||
dockerfile: Dockerfile
|
||||
image: netalertx-test
|
||||
container_name: netalertx-test-mount-db_noread
|
||||
entrypoint: ["sh", "-lc", "sleep infinity"]
|
||||
user: "20211:20211"
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
- SETUID
|
||||
- SETGID
|
||||
environment:
|
||||
NETALERTX_DEBUG: 0
|
||||
PUID: 20211
|
||||
PGID: 20211
|
||||
NETALERTX_DATA: /data
|
||||
NETALERTX_DB: /data/db
|
||||
NETALERTX_CONFIG: /data/config
|
||||
@@ -33,7 +38,7 @@ services:
|
||||
read_only: false
|
||||
|
||||
tmpfs:
|
||||
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
|
||||
volumes:
|
||||
test_netalertx_data:
|
||||
test_netalertx_data:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -30,11 +31,11 @@ services:
|
||||
target: /data/config
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/data/db:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/data/db:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/api:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
@@ -43,4 +44,4 @@ volumes:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -34,16 +35,10 @@ services:
|
||||
target: /data/config
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/api:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
test_netalertx_db:
|
||||
test_netalertx_config:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_netalertx_db:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -38,9 +39,9 @@ services:
|
||||
target: /tmp/log
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/api:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
@@ -49,4 +50,4 @@ volumes:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -34,9 +35,9 @@ services:
|
||||
target: /data/config
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/api:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
@@ -45,4 +46,4 @@ volumes:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -30,6 +31,6 @@ services:
|
||||
target: /data
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
test_netalertx_data:
|
||||
test_netalertx_data:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -38,9 +39,9 @@ services:
|
||||
target: /tmp/log
|
||||
read_only: true
|
||||
tmpfs:
|
||||
- "/tmp/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/api:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/run:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
@@ -49,4 +50,4 @@ volumes:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -38,9 +39,9 @@ services:
|
||||
target: /tmp/run
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/api:mode=1700,uid=20211,gid=20211,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:mode=1700,uid=20211,gid=20211,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,uid=20211,gid=20211,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
@@ -49,4 +50,4 @@ volumes:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -34,9 +35,8 @@ services:
|
||||
target: /data/config
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/api:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
@@ -45,4 +45,4 @@ volumes:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -30,6 +31,6 @@ services:
|
||||
target: /data
|
||||
read_only: false
|
||||
tmpfs:
|
||||
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
test_netalertx_data:
|
||||
test_netalertx_data:
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
@@ -38,9 +39,9 @@ services:
|
||||
target: /tmp/run
|
||||
read_only: true
|
||||
tmpfs:
|
||||
- "/tmp/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/api:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/log:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
volumes:
|
||||
netalertx_config:
|
||||
netalertx_db:
|
||||
@@ -49,4 +50,4 @@ volumes:
|
||||
test_netalertx_api:
|
||||
test_netalertx_log:
|
||||
test_system_services_run:
|
||||
test_system_services_active_config:
|
||||
test_system_services_active_config:
|
||||
@@ -8,15 +8,20 @@ services:
|
||||
dockerfile: Dockerfile
|
||||
image: netalertx-test
|
||||
container_name: netalertx-test-mount-tmp_noread
|
||||
entrypoint: ["sh", "-lc", "sleep infinity"]
|
||||
user: "20211:20211"
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- NET_BIND_SERVICE
|
||||
- SETUID
|
||||
- SETGID
|
||||
environment:
|
||||
NETALERTX_DEBUG: 0
|
||||
PUID: 20211
|
||||
PGID: 20211
|
||||
NETALERTX_DATA: /data
|
||||
NETALERTX_DB: /data/db
|
||||
NETALERTX_CONFIG: /data/config
|
||||
@@ -33,7 +38,7 @@ services:
|
||||
read_only: false
|
||||
|
||||
tmpfs:
|
||||
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
- "/tmp:mode=0300,uid=20211,gid=20211,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
|
||||
|
||||
volumes:
|
||||
test_netalertx_data:
|
||||
test_netalertx_data:
|
||||
Reference in New Issue
Block a user