# nsjail configuration (protobuf text format, not YAML). It runs Apache HTTPD
# in the foreground inside a jail whose network interface is a macvlan clone
# of a host interface (see the macvlan_* fields near the end).

name: "apache-with-cloned-net"

description: "Tested under Ubuntu 17.04. Other Linux distros might "
description: "use different locations for the Apache's HTTPD configuration "
description: "files and system libraries"
description: "Run as: sudo ./nsjail --config configs/apache.cfg"

# ONCE: nsjail launches the command a single time.
mode: ONCE
hostname: "APACHE-NSJ"

# Resource limits. nsjail reads rlimit_as and rlimit_fsize in MiB.
rlimit_as: 1024
rlimit_fsize: 1024
# INF removes the CPU-time limit; together with time_limit: 0 further down
# (no wall-clock limit) the server can run indefinitely.
rlimit_cpu_type: INF
# NOTE(review): 64 descriptors must cover listening sockets, client
# connections and open log files; size it against the Apache MPM settings.
rlimit_nofile: 64
time_limit: 0

# The only capability named in this file; it permits binding to ports < 1024.
# NOTE(review): keep_caps is not set here, so this relies on nsjail's default
# of dropping capabilities that are not listed. Confirm for the nsjail version
# in use.
cap: "CAP_NET_BIND_SERVICE"

# Environment for Apache (presumably consumed by the distro's apache2.conf).
# Every runtime path points at /run/apache2, which is a tmpfs created below.
# NOTE(review): if the Apache config logs to ${APACHE_LOG_DIR}, access and
# error logs exist only in that tmpfs and are gone when the jail exits; ship
# them elsewhere if they are needed for monitoring or incident response.
envar: "APACHE_RUN_DIR=/run/apache2"
envar: "APACHE_PID_FILE=/run/apache2/apache2.pid"
envar: "APACHE_RUN_USER=www-data"
envar: "APACHE_RUN_GROUP=www-data"
envar: "APACHE_LOG_DIR=/run/apache2"
envar: "APACHE_LOCK_DIR=/run/apache2"

# Map the host's www-data user and group to id 1 inside the jail. This matches
# the uid/gid 1 entries in the synthetic /etc/passwd and /etc/group below.
uidmap {
  inside_id: "1"
  outside_id: "www-data"
}
gidmap {
  inside_id: "1"
  outside_id: "www-data"
}

# Host configuration files bind-mounted at the same path. None of these sets
# rw, so they use nsjail's default (rw: false, i.e. read-only).
# NOTE(review): /etc/apache2 exposes the whole host configuration tree to the
# jailed process; check that nothing sensitive (e.g. TLS private keys) is
# stored under it.
mount {
  src: "/etc/apache2"
  dst: "/etc/apache2"
  is_bind: true
}
mount {
  src: "/etc/mime.types"
  dst: "/etc/mime.types"
  is_bind: true
}
mount {
  src: "/etc/localtime"
  dst: "/etc/localtime"
  is_bind: true
}

# src_content makes nsjail create the destination file with the given content,
# so the jail sees a single-entry passwd/group instead of the host's files.
mount {
  src_content: "www-data:x:1:1:www-data:/var/www:/bin/false"
  dst: "/etc/passwd"
}
mount {
  src_content: "www-data:x:1:"
  dst: "/etc/group"
}

# Writable scratch space backed by tmpfs (private to the jail).
# NOTE(review): no mount options (such as a size cap) are given for the tmpfs
# mounts in this file; confirm the effective size limit.
mount {
  dst: "/tmp"
  fstype: "tmpfs"
  rw: true
}
mount {
  dst: "/run/apache2"
  fstype: "tmpfs"
  rw: true
}

# NOTE(review): the host's /dev/urandom is bind-mounted writable. Reading
# randomness does not need write access, so read-only is presumably enough;
# test before changing.
mount {
  src: "/dev/urandom"
  dst: "/dev/urandom"
  is_bind: true
  rw: true
}
mount {
  dst: "/dev/shm"
  fstype: "tmpfs"
  rw: true
}

# procfs instance for the jail; rw is not set, so it is read-only by default.
mount {
  dst: "/proc"
  fstype: "proc"
}

# Host shared libraries, read-only.
mount {
  src: "/lib64"
  dst: "/lib64"
  is_bind: true
}
mount {
  src: "/lib"
  dst: "/lib"
  is_bind: true
}
mount {
  src: "/usr/lib"
  dst: "/usr/lib"
  is_bind: true
}

# Document root, Apache support files and the server binary, all read-only.
mount {
  src: "/var/www/html"
  dst: "/var/www/html"
  is_bind: true
}
mount {
  src: "/usr/share/apache2"
  dst: "/usr/share/apache2"
  is_bind: true
}
mount {
  src: "/var/lib/apache2"
  dst: "/var/lib/apache2"
  is_bind: true
}
mount {
  src: "/usr/sbin/apache2"
  dst: "/usr/sbin/apache2"
  is_bind: true
}

# Seccomp policy in Kafel syntax, assembled from the strings below.
# It is a denylist: the process is killed on ptrace, process_vm_readv and
# process_vm_writev, and every other syscall is allowed (DEFAULT ALLOW).
# NOTE(review): this only blocks cross-process tracing and memory access. A
# default-deny policy with an explicit allow list would shrink the reachable
# kernel surface further, but has to be built from Apache's real syscall
# profile.
seccomp_string: " KILL {"
seccomp_string: " ptrace,"
seccomp_string: " process_vm_readv,"
seccomp_string: " process_vm_writev"
seccomp_string: " }"
seccomp_string: " DEFAULT ALLOW"

# Network: nsjail clones this host interface as a macvlan device for the jail
# and assigns it the static address, netmask and gateway below.
# The interface name and addresses are specific to the author's machine and
# LAN; adjust them per host.
# NOTE(review): creating the macvlan device is presumably why the description
# says to run nsjail through sudo.
macvlan_iface: "enp0s31f6"
macvlan_vs_ip: "192.168.10.223"
macvlan_vs_nm: "255.255.255.0"
macvlan_vs_gw: "192.168.10.1"

# Command executed inside the jail. -DFOREGROUND keeps Apache from detaching,
# so the process nsjail started remains the server.
exec_bin {
  path: "/usr/sbin/apache2"
  arg : "-DFOREGROUND"
}