# nsjail configuration (protobuf text format) that runs Apache httpd inside a jail
# with a network interface cloned from a host NIC (see the macvlan_* fields).
# The documented invocation uses sudo, so nsjail itself starts as root on the
# host; the jailed process is mapped to the unprivileged www-data account by the
# uidmap/gidmap entries in this file.
name: "apache-with-cloned-net"

# `description` is a repeated field; the four strings below are free-text notes.
description: "Tested under Ubuntu 17.04. Other Linux distros might "
description: "use different locations for the Apache's HTTPD configuration "
description: "files and system libraries"
description: "Run as: sudo ./nsjail --config configs/apache.cfg"

# ONCE: start the jailed command a single time; nsjail neither listens on a
# port nor re-runs the command.
mode: ONCE

# Hostname visible inside the jail.
hostname: "APACHE-NSJ"

# Resource limits for the jailed process.
# NOTE(review): nsjail's config schema gives rlimit_as and rlimit_fsize in MiB;
# confirm the unit against the nsjail version in use.
rlimit_as: 1024
rlimit_fsize: 1024

# INF removes the CPU-time ceiling, which a long-running server needs.
rlimit_cpu_type: INF

# Upper bound on open file descriptors; this also caps concurrent connections
# and open log/content files.
rlimit_nofile: 64

# 0 disables the wall-clock limit so the server is not killed after a timeout.
# With neither CPU nor wall-clock limits, runaway load inside the jail is only
# bounded by the memory, file-size and descriptor limits above; nsjail's cgroup
# options (for example cgroup_pids_max) can add a process-count bound.
time_limit: 0

# The only capability listed for the jail: it lets Apache bind ports below 1024
# without being root. No other `cap` entry and no keep_caps setting appears in
# this file, so no further capability is requested.
cap: "CAP_NET_BIND_SERVICE"

# Environment passed to Apache. Every writable location (run dir, PID file,
# logs, locks) points at /run/apache2, which this file mounts as a tmpfs.
# Consequence for incident response: access and error logs live in memory only
# and are gone when the jail exits; forward them (e.g. piped logs or syslog) if
# they are needed for detection or forensics.
envar: "APACHE_RUN_DIR=/run/apache2"
envar: "APACHE_PID_FILE=/run/apache2/apache2.pid"
envar: "APACHE_RUN_USER=www-data"
envar: "APACHE_RUN_GROUP=www-data"
envar: "APACHE_LOG_DIR=/run/apache2"
envar: "APACHE_LOCK_DIR=/run/apache2"

# Identity mapping for the jail's user namespace: id 1 inside the jail is the
# host's www-data user/group. The inside id is deliberately not 0, so the
# process is not root even from the jail's own point of view. The synthetic
# /etc/passwd and /etc/group mounted further down name id 1 "www-data" to match.
uidmap { inside_id: "1" outside_id: "www-data" }
gidmap { inside_id: "1" outside_id: "www-data" }

# --- Configuration files -----------------------------------------------------
# Bind mounts without `rw: true` are read-only inside the jail, so a compromised
# worker cannot rewrite the server configuration on the host.
mount { src: "/etc/apache2" dst: "/etc/apache2" is_bind: true }
mount { src: "/etc/mime.types" dst: "/etc/mime.types" is_bind: true }
mount { src: "/etc/localtime" dst: "/etc/localtime" is_bind: true }

# Synthetic account databases: the file content is supplied inline via
# src_content, so the host's real /etc/passwd and /etc/group are never exposed.
# Both define a single entry, www-data with id 1, matching uidmap/gidmap.
mount {
  src_content: "www-data:x:1:1:www-data:/var/www:/bin/false"
  dst: "/etc/passwd"
}
mount {
  src_content: "www-data:x:1:"
  dst: "/etc/group"
}

# --- Scratch space, devices and /proc ----------------------------------------
# Writable tmpfs mounts: the only places the jailed process can create files.
# Their contents are private to the jail and are not persisted on the host.
mount { dst: "/tmp" fstype: "tmpfs" rw: true }
mount { dst: "/run/apache2" fstype: "tmpfs" rw: true }

# The only host device node exposed to the jail.
# NOTE(review): it is mounted read-write; a read-only mount is presumably enough
# for a process that only reads randomness. Verify before changing.
mount {
  src: "/dev/urandom"
  dst: "/dev/urandom"
  is_bind: true
  rw: true
}

mount { dst: "/dev/shm" fstype: "tmpfs" rw: true }

# Fresh procfs instance for the jail, mounted without `rw: true`.
mount { dst: "/proc" fstype: "proc" }

# --- Libraries, content and the server binary --------------------------------
# All of these are read-only bind mounts (no `rw: true`).
# The three library directories are exposed in full, so every file the host
# keeps under them is readable from inside the jail; a narrower set of paths
# shrinks what a compromised worker can inspect.
mount { src: "/lib64" dst: "/lib64" is_bind: true }
mount { src: "/lib" dst: "/lib" is_bind: true }
mount { src: "/usr/lib" dst: "/usr/lib" is_bind: true }

# Served content: read-only, so the web root cannot be modified from the jail.
mount { src: "/var/www/html" dst: "/var/www/html" is_bind: true }

# Apache's shared data and state directories.
mount { src: "/usr/share/apache2" dst: "/usr/share/apache2" is_bind: true }
mount { src: "/var/lib/apache2" dst: "/var/lib/apache2" is_bind: true }

# The httpd binary itself, a single-file bind mount; it is the exec_bin target.
mount { src: "/usr/sbin/apache2" dst: "/usr/sbin/apache2" is_bind: true }

# Seccomp policy, given as repeated seccomp_string fragments, in order.
# This is a denylist: the process is killed on ptrace, process_vm_readv or
# process_vm_writev (the calls used to inspect or modify another process's
# memory), and every other syscall is allowed by `DEFAULT ALLOW`.
# Caveat: a default-allow policy leaves almost all of the kernel's syscall
# surface reachable from the jail. For stronger isolation, profile the syscalls
# this Apache build actually makes and switch to an allowlist with a default
# deny action.
seccomp_string: " POLICY example {"
seccomp_string: " KILL {"
seccomp_string: " ptrace,"
seccomp_string: " process_vm_readv,"
seccomp_string: " process_vm_writev"
seccomp_string: " }"
seccomp_string: " }"
seccomp_string: " USE example DEFAULT ALLOW"

# Network: a MACVLAN interface cloned from the host NIC named below is placed in
# the jail and given a static address, netmask and gateway.
# These four values are specific to the author's machine and LAN; replace them
# before use.
# The jail becomes a separate host on the LAN with its own IP address.
# NOTE(review): traffic to that address typically does not traverse the host's
# own firewall rules, so filter it upstream or inside the jail's namespace.
macvlan_iface: "enp0s31f6"
macvlan_vs_ip: "192.168.10.223"
macvlan_vs_nm: "255.255.255.0"
macvlan_vs_gw: "192.168.10.1"

# Command executed inside the jail. -DFOREGROUND keeps httpd attached instead of
# daemonising, so the process nsjail started remains the server process.
exec_bin {
  path: "/usr/sbin/apache2"
  arg: "-DFOREGROUND"
}