133 lines
2.0 KiB
INI
133 lines
2.0 KiB
INI
name: "tomcat8"
|
|
description: "Tested under Ubuntu 16.04 with tomcat8=8.0.32-1ubuntu1.9,"
|
|
description: "libnl-route-3-200=3.2.27-1ubuntu0.16.04.1,"
|
|
description: "libprotobuf9v5=2.6.1-1.3,"
|
|
description: "openjdk-8-jre=8u191-b12-2ubuntu0.16.04.1. "
|
|
description: "Run as: sudo ./nsjail --config configs/tomcat.cfg"
|
|
|
|
mode: ONCE
|
|
hostname: "TOMCAT-NSJ"
|
|
|
|
envar: "JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre"
|
|
envar: "JVM_TMP=/tmp"
|
|
envar: "CATALINA_TMPDIR=/tmp"
|
|
envar: "CATALINA_HOME=/usr/share/tomcat8"
|
|
envar: "CATALINA_BASE=/var/lib/tomcat8"
|
|
envar: "CATALINA_OPTS=-server -XX:+UseParallelGC"
|
|
envar: "JAVA_OPTS=-Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Xms256M -Xmx512M -Djava.security.egd=file:/dev/./urandom"
|
|
|
|
rlimit_as: 2048
|
|
rlimit_fsize: 1024
|
|
rlimit_cpu_type: INF
|
|
rlimit_nofile: 1024
|
|
|
|
time_limit: 0
|
|
|
|
cap: "CAP_NET_BIND_SERVICE"
|
|
|
|
uidmap {
|
|
inside_id: "tomcat8"
|
|
outside_id: "tomcat8"
|
|
}
|
|
|
|
gidmap {
|
|
inside_id: "tomcat8"
|
|
outside_id: "tomcat8"
|
|
}
|
|
|
|
mount_proc: false
|
|
|
|
mount {
|
|
src: "/etc/tomcat8"
|
|
dst: "/etc/tomcat8"
|
|
is_bind: true
|
|
rw: false
|
|
}
|
|
|
|
mount {
|
|
src: "/var/lib/tomcat8"
|
|
dst: "/var/lib/tomcat8"
|
|
is_bind: true
|
|
rw: true
|
|
}
|
|
|
|
mount {
|
|
src: "/var/log/tomcat8"
|
|
dst: "/var/log/tomcat8"
|
|
is_bind: true
|
|
rw: true
|
|
}
|
|
|
|
mount {
|
|
src: "/var/cache/tomcat8"
|
|
dst: "/var/cache/tomcat8"
|
|
is_bind: true
|
|
rw: true
|
|
}
|
|
|
|
mount {
|
|
src: "/usr/share/tomcat8"
|
|
dst: "/usr/share/tomcat8"
|
|
is_bind: true
|
|
rw: false
|
|
}
|
|
|
|
mount {
|
|
src: "/bin"
|
|
dst: "/bin"
|
|
is_bind: true
|
|
rw: false
|
|
}
|
|
|
|
mount {
|
|
src: "/lib"
|
|
dst: "/lib"
|
|
is_bind: true
|
|
rw: false
|
|
}
|
|
|
|
mount {
|
|
src: "/lib64"
|
|
dst: "/lib64"
|
|
is_bind: true
|
|
rw: false
|
|
}
|
|
|
|
mount {
|
|
src: "/usr/bin"
|
|
dst: "/usr/bin"
|
|
is_bind: true
|
|
rw: false
|
|
}
|
|
|
|
mount {
|
|
src: "/usr/lib"
|
|
dst: "/usr/lib"
|
|
is_bind: true
|
|
rw: false
|
|
}
|
|
|
|
mount {
|
|
src: "/usr/share/java"
|
|
dst: "/usr/share/java"
|
|
is_bind: true
|
|
rw: false
|
|
}
|
|
|
|
mount {
|
|
dst: "/tmp"
|
|
fstype: "tmpfs"
|
|
rw: true
|
|
}
|
|
|
|
mount {
|
|
dst: "/proc"
|
|
fstype: "proc"
|
|
rw: false
|
|
}
|
|
|
|
exec_bin {
|
|
path: "/usr/share/tomcat8/bin/catalina.sh"
|
|
arg : "run"
|
|
}
|