--- /dev/null
+name: "apache-with-cloned-net"
+description:
+"Works under Ubuntu 17.04. Other Linux distros might have different
+location of the Apache's HTTPD configuration files and system
+libraries.
+
+On the basis of (GitHub's) @farconada work in:
+https://github.com/google/nsjail/issues/31
+
+Run as: sudo ./nsjail --config configs/apache.cfg
+"
+
+mode: ONCE
+hostname: "APACHE-NSJ"
+
+rlimit_as: 1024
+rlimit_cpu: 1000
+rlimit_fsize: 1024
+rlimit_nofile: 16
+
+envar: "APACHE_RUN_DIR=/run/apache2"
+envar: "APACHE_PID_FILE=/run/apache2/apache2.pid"
+envar: "APACHE_RUN_USER=www-data"
+envar: "APACHE_RUN_GROUP=www-data"
+envar: "APACHE_LOG_DIR=/run/apache2"
+
+cap: "CAP_NET_BIND_SERVICE"
+
+time_limit: 0
+
+uidmap {
+ inside_id: "1"
+ outside_id: "www-data"
+}
+
+gidmap {
+ inside_id: "1"
+ outside_id: "www-data"
+}
+
+mount {
+ src: "/etc/apache2"
+ dst: "/etc/apache2"
+ is_bind: true
+}
+mount {
+ src: "/etc/ld.so.cache"
+ dst: "/etc/ld.so.cache"
+ is_bind: true
+}
+mount {
+ src: "/etc/hosts"
+ dst: "/etc/hosts"
+ is_bind: true
+}
+mount {
+ src: "/etc/mime.types"
+ dst: "/etc/mime.types"
+ is_bind: true
+}
+mount {
+ src: "/etc/localtime"
+ dst: "/etc/localtime"
+ is_bind: true
+}
+mount {
+ src_content: "www-data:x:1:1:www-data:/var/www:/bin/false"
+ dst: "/etc/passwd"
+}
+mount {
+ src_content: "www-data:x:1:"
+ dst: "/etc/group"
+}
+mount {
+ src: "/lib64"
+ dst: "/lib64"
+ is_bind: true
+}
+mount {
+ src: "/lib"
+ dst: "/lib"
+ is_bind: true
+}
+mount {
+ src: "/usr/lib"
+ dst: "/usr/lib"
+ is_bind: true
+}
+mount {
+ src: "/var/www/html"
+ dst: "/var/www/html"
+ is_bind: true
+ rw: true
+}
+mount {
+ dst: "/tmp"
+ fstype: "tmpfs"
+ rw: true
+ is_bind: false
+}
+mount {
+ dst: "/run/apache2"
+ fstype: "tmpfs"
+ rw: true
+ is_bind: false
+}
+mount {
+ src: "/dev/urandom"
+ dst: "/dev/urandom"
+ is_bind: true
+ rw: true
+}
+mount {
+ dst: "/dev/shm"
+ fstype: "tmpfs"
+ rw: true
+ is_bind: false
+}
+mount {
+ dst: "/proc"
+ fstype: "proc"
+}
+mount {
+ src: "/usr/share/apache2"
+ dst: "/usr/share/apache2"
+ is_bind: true
+}
+mount {
+ src: "/usr/sbin/apache2"
+ dst: "/usr/sbin/apache2"
+ is_bind: true
+}
+
+seccomp_string: "
+ POLICY example {
+ KILL
+ {
+ ptrace,
+ process_vm_readv,
+ process_vm_writev
+ }
+ }
+ USE example DEFAULT ALLOW
+"
+
+macvlan_iface: "enp0s31f6"
+macvlan_vs_ip: "192.168.10.223"
+macvlan_vs_nm: "255.255.255.0"
+macvlan_vs_gw: "192.168.10.1"
+
+exec_bin {
+path:
+ "/usr/sbin/apache2" arg : "-DFOREGROUND"
+}
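Review bot: The `/var/www/html` bind mount sets `rw: true`, so anything running inside the jail as the mapped `www-data` user can modify the host's document root wherever host file permissions allow it; unless the site has to write there, drop that line so the mount falls back to read-only. The seccomp policy is a denylist (`USE example DEFAULT ALLOW`, with only `ptrace`, `process_vm_readv` and `process_vm_writev` killed), so it adds little containment beyond the namespaces and deserves a comment above `seccomp_string` saying so, for example `# denylist only: every other syscall stays allowed; tighten before production use`. `APACHE_LOG_DIR` points at the `/run/apache2` tmpfs, which means the access and error logs disappear when the jail exits; a dedicated log mount would keep them available for later review. The `macvlan_iface` and `macvlan_vs_*` values look specific to the author's host, so a short comment that they must be adapted to the local interface and subnet would help.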