Disassembler/Spotter-VM
1
0
Fork 0
Code Issues 78 Pull Requests Actions Packages Projects Releases Wiki Activity

Remove paxctl as kernel is no longer hardened

Browse Source
This commit is contained in:
Disassembler 2018-07-09 16:21:48 +02:00
parent a9446fa1e4
commit 643ab39fb8
Signed by: Disassembler
GPG Key ID: 524BD33A0EE29499
5 changed files with 6 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
basic-runtimes/java/Dockerfile
View File

@ -3,11 +3,4 @@ MAINTAINER Disassembler <disassembler@dasm.cz>
RUN \ RUN \
# Install Java 1.8 JRE # Install Java 1.8 JRE
apk --no-cache add openjdk8-jre-base paxctl \ apk --no-cache add openjdk8-jre-base
# Fix grsec attributes to loosen memory protection restrictions
&& paxctl -cm /usr/lib/jvm/java-1.8-openjdk/bin/java \
&& paxctl -cm /usr/lib/jvm/java-1.8-openjdk/bin/keytool \
&& paxctl -cm /usr/lib/jvm/java-1.8-openjdk/jre/bin/java \
&& paxctl -cm /usr/lib/jvm/java-1.8-openjdk/jre/bin/keytool \
# Cleanup
&& apk --no-cache del paxctl

6
crisiscleanup/Dockerfile
View File

@ -3,11 +3,7 @@ MAINTAINER Disassembler <disassembler@dasm.cz>
RUN \ RUN \
# Install NodeJS runtime # Install NodeJS runtime
apk --no-cache add nodejs paxctl \ apk --no-cache add nodejs
# Fix grsec attributes to loosen memory protection restrictions
&& paxctl -cm /usr/bin/node \
# Cleanup
&& apk --no-cache del paxctl
RUN \ RUN \
# Install runtime dependencies # Install runtime dependencies

6
gnuhealth/Dockerfile
View File

@ -3,11 +3,7 @@ MAINTAINER Disassembler <disassembler@dasm.cz>
RUN \ RUN \
# Install NodeJS runtime # Install NodeJS runtime
apk --no-cache add nodejs paxctl \ apk --no-cache add nodejs
# Fix grsec attributes to loosen memory protection restrictions
&& paxctl -cm /usr/bin/node \
# Cleanup
&& apk --no-cache del paxctl
RUN \ RUN \
# Install runtime dependencies # Install runtime dependencies

11
opendatakit-build/Dockerfile
View File

@ -3,11 +3,7 @@ MAINTAINER Disassembler <disassembler@dasm.cz>
RUN \ RUN \
# Install NodeJS runtime # Install NodeJS runtime
apk --no-cache add nodejs paxctl \ apk --no-cache add nodejs
# Fix grsec attributes to loosen memory protection restrictions
&& paxctl -cm /usr/bin/node \
# Cleanup
&& apk --no-cache del paxctl
RUN \ RUN \
# Install runtime dependencies # Install runtime dependencies
@ -15,10 +11,7 @@ RUN \
RUN \ RUN \
# Install build dependencies for ODK Build # Install build dependencies for ODK Build
apk --no-cache add --virtual .deps build-base git linux-headers openjdk8-jre-base paxctl postgresql-dev \ apk --no-cache add --virtual .deps build-base git linux-headers openjdk8-jre-base postgresql-dev \
# Fix grsec attributes to loosen memory protection restrictions
&& paxctl -cm /usr/lib/jvm/java-1.8-openjdk/jre/bin/java \
&& paxctl -cm /usr/lib/jvm/java-1.8-openjdk/bin/java \
# Clone ODK Build # Clone ODK Build
&& git clone --depth 1 https://github.com/opendatakit/build /srv/opendatakit-build \ && git clone --depth 1 https://github.com/opendatakit/build /srv/opendatakit-build \
# Install Ruby dependencies # Install Ruby dependencies

6
openmapkit/Dockerfile
View File

@ -3,11 +3,7 @@ MAINTAINER Disassembler <disassembler@dasm.cz>
RUN \ RUN \
# Install NodeJS runtime # Install NodeJS runtime
apk --no-cache add nodejs paxctl \ apk --no-cache add nodejs
# Fix grsec attributes to loosen memory protection restrictions
&& paxctl -cm /usr/bin/node \
# Cleanup
&& apk --no-cache del paxctl
RUN \ RUN \
# Install runtime dependencies # Install runtime dependencies