---
# Expected outcome: Mounts table shows /tmp is mounted and writable but NOT readable (R=❌, W=✅)
# Note: This is a diagnostic-only container (entrypoint sleeps); the test chmods/chowns /tmp to mode 0300.
# Mode 0300 leaves the owner with write+execute only, which is the "no read" condition under test.
services:
  netalertx:
    # Container shares the host's network namespace.
    network_mode: host
    build:
      context: ../../../
      dockerfile: Dockerfile
    image: netalertx-test
    container_name: netalertx-test-mount-tmp_noread
    # Keep the container idle so the test can inspect and modify the mounts.
    entrypoint:
      - 'sh'
      - '-lc'
      - 'sleep infinity'
    # Least privilege: drop every capability, then re-add only the three
    # network-related ones listed below.
    cap_drop:
      - ALL
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - NET_BIND_SERVICE
    environment:
      NETALERTX_DEBUG: 0
      # Persistent paths live on the named volume mounted at /data.
      NETALERTX_DATA: /data
      NETALERTX_DB: /data/db
      NETALERTX_CONFIG: /data/config
      # Runtime paths all sit under the /tmp tmpfs, so they are affected
      # when the test removes read permission from /tmp.
      SYSTEM_SERVICES_RUN_TMP: /tmp
      NETALERTX_API: /tmp/api
      NETALERTX_LOG: /tmp/log
      SYSTEM_SERVICES_RUN: /tmp/run
      SYSTEM_SERVICES_ACTIVE_CONFIG: /tmp/nginx/active-config

    volumes:
      - type: volume
        source: test_netalertx_data
        target: /data
        read_only: false

    tmpfs:
      # Mounted with mode=1700 (sticky bit, owner rwx); the test tightens it
      # to 0300 afterwards. noexec/nosuid/nodev stop the scratch area from
      # being used to run binaries, honour setuid bits or expose device nodes.
      # uid/gid 20211 is presumably the image's runtime user; confirm against
      # the Dockerfile.
      - '/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime'

volumes:
  test_netalertx_data: