[Vm-dev] How to create headless VM without some primitives?
Pierce Ng
pierce at samadhiweb.com
Thu Apr 16 01:55:23 UTC 2020
On Tue, Apr 14, 2020 at 02:32:18PM -0500, Erik Stel wrote:
> If someone has some input/experience on using container technology to
> limit/sandbox the environment I'm happy to hear about it. Using the
> 'default' headless VM would be very beneficial wrt not having to maintain
> and build custom VM's.
The simplest is to run the VM with a dedicated non-root UID within the
container, and configure the in-container filesystem permissions to
allow said UID to write only to specific directories.
My Dockerfile:

# VM libraries are looked up in /pkg/vm (see LD_LIBRARY_PATH below).
FROM samadhiweb/pharovm:49c2617-alpine
# Dedicated non-root user and group for the application.
RUN addgroup -g 1099 pharoapp \
 && adduser -D -u 1099 -G pharoapp -h /home/pharoapp pharoapp
WORKDIR /pkg/image
COPY app.image app.image
# Only the image directory is handed to pharoapp; /pkg/vm is not chowned.
RUN chown -R pharoapp:pharoapp /pkg/image
EXPOSE 8081
ENV LD_LIBRARY_PATH /pkg/vm
# Everything from here on, including the CMD, runs as the non-root user.
USER pharoapp:pharoapp
CMD /bin/runapp.sh
Pierce
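A check for the layout described in the mail above, added here and not part of Pierce's message or the pharovm image: it reports which directories a given UID/GID may write to, computed from ownership and mode bits rather than by attempting a write, so it answers the same whether it is run as root at build time or as the application user. It assumes GNU or BusyBox `stat -c`, and takes the paths /pkg/image and /pkg/vm and uid/gid 1099 from the Dockerfile.

```shell
#!/bin/sh
# Added example, not from the original mail: audit which directories a given
# UID/GID may write to, computed from ownership and mode bits (stat -c, GNU or
# BusyBox) rather than by trying to write, so the answer is the same whether
# the audit itself runs as root or as pharoapp.

# writable_by PATH UID GID -> exit 0 if UID (in group GID) may write PATH
writable_by() {
    st=$(stat -c '%u %g %a' "$1" 2>/dev/null) || return 2
    uid=$2; gid=$3
    set -- $st                           # word-split into owner group mode
    owner=$1; group=$2; mode=$3
    mode=${mode#"${mode%???}"}           # keep owner/group/other digits only
    o=${mode%??}; rest=${mode#?}; g=${rest%?}; w=${rest#?}
    if [ "$owner" = "$uid" ]; then bit=$o      # owner class decides alone
    elif [ "$group" = "$gid" ]; then bit=$g
    else bit=$w; fi
    [ $((bit & 2)) -ne 0 ]
}

# audit_layout UID GID WRITABLE_DIR READONLY_DIR... -> 0 only if the expected
# directory is writable by UID and none of the read-only ones are
audit_layout() {
    uid=$1; gid=$2; allowed=$3; shift 3
    rc=0
    if writable_by "$allowed" "$uid" "$gid"; then
        echo "ok    $allowed is writable by uid $uid"
    else
        echo "FAIL  $allowed is not writable by uid $uid"; rc=1
    fi
    for d in "$@"; do
        if writable_by "$d" "$uid" "$gid"; then
            echo "FAIL  $d is writable by uid $uid"; rc=1
        else
            echo "ok    $d is read-only for uid $uid"
        fi
    done
    return $rc
}

# Inside a container built from the Dockerfile above (uid/gid 1099):
#   sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_layout 1099 1099 /pkg/image /pkg/vm /
fi
```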