Added example config for tomcat
authorAdam Carheden <carheden@google.com>
Tue, 12 Feb 2019 19:31:40 +0000 (12:31 -0700)
committerAdam Carheden <carheden@google.com>
Wed, 27 Feb 2019 21:11:49 +0000 (14:11 -0700)
configs/tomcat8.cfg [new file with mode: 0644]

diff --git a/configs/tomcat8.cfg b/configs/tomcat8.cfg
new file mode 100644 (file)
index 0000000..f735103
--- /dev/null
@@ -0,0 +1,132 @@
+name: "tomcat8"
+description: "Tested under Ubuntu 16.04 with tomcat8=8.0.32-1ubuntu1.9,"
+description: "libnl-route-3-200=3.2.27-1ubuntu0.16.04.1,"
+description: "libprotobuf9v5=2.6.1-1.3,"
+description: "openjdk-8-jre=8u191-b12-2ubuntu0.16.04.1. "
+description: "Run as: sudo ./nsjail --config configs/tomcat.cfg"
+
+mode: ONCE
+hostname: "TOMCAT-NSJ"
+
+envar: "JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre"
+envar: "JVM_TMP=/tmp"
+envar: "CATALINA_TMPDIR=/tmp"
+envar: "CATALINA_HOME=/usr/share/tomcat8"
+envar: "CATALINA_BASE=/var/lib/tomcat8"
+envar: "CATALINA_OPTS=-server -XX:+UseParallelGC"
+envar: "JAVA_OPTS=-Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Xms256M -Xmx512M -Djava.security.egd=file:/dev/./urandom"
+
+rlimit_as: 2048
+rlimit_fsize: 1024
+rlimit_cpu_type: INF
+rlimit_nofile: 1024
+
+time_limit: 0
+
+cap: "CAP_NET_BIND_SERVICE"
+
+uidmap {
+       inside_id: "tomcat8"
+       outside_id: "tomcat8"
+}
+
+gidmap {
+       inside_id: "tomcat8"
+       outside_id: "tomcat8"
+}
+
+mount_proc: false
+
+mount {
+       src: "/etc/tomcat8"
+       dst: "/etc/tomcat8"
+       is_bind: true
+       rw: false
+}
+
+mount {
+       src: "/var/lib/tomcat8"
+       dst: "/var/lib/tomcat8"
+       is_bind: true
+       rw: true
+}
+
+mount {
+       src: "/var/log/tomcat8"
+       dst: "/var/log/tomcat8"
+       is_bind: true
+       rw: true
+}
+
+mount {
+       src: "/var/cache/tomcat8"
+       dst: "/var/cache/tomcat8"
+       is_bind: true
+       rw: true
+}
+
+mount {
+       src: "/usr/share/tomcat8"
+       dst: "/usr/share/tomcat8"
+       is_bind: true
+       rw: false
+}
+
+
+mount {
+       src: "/bin"
+       dst: "/bin"
+       is_bind: true
+       rw: false
+}
+
+mount {
+       src: "/lib"
+       dst: "/lib"
+       is_bind: true
+       rw: false
+}
+
+mount {
+       src: "/lib64"
+       dst: "/lib64"
+       is_bind: true
+       rw: false
+}
+
+mount {
+       src: "/usr/bin"
+       dst: "/usr/bin"
+       is_bind: true
+       rw: false
+}
+
+mount {
+       src: "/usr/lib"
+       dst: "/usr/lib"
+       is_bind: true
+       rw: false
+}
+mount {
+       src: "/usr/share/java"
+       dst: "/usr/share/java"
+       is_bind: true
+       rw: false
+}
+
+mount {
+       dst: "/tmp"
+       fstype: "tmpfs"
+       rw: true
+}
+
+mount {
+       dst: "/proc"
+       fstype: "proc"
+       rw: false
+}
+
+exec_bin {
+       path: "/usr/share/tomcat8/bin/catalina.sh"
+       arg : "run"
+}
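Review bot: `JAVA_OPTS` points the JVM seed source at `file:/dev/./urandom`, but none of the mount blocks in this file places anything under `/dev`, so that path may not exist inside the jail unless nsjail provides it some other way. If it is missing, the JVM would have to fall back to a different seed source for `SecureRandom`, which Tomcat uses for session identifiers; a read-only bind mount of the host's `/dev/urandom`, as sketched below, would make the setting effective. Separately, the last `description` line names `configs/tomcat.cfg` while the file is added as `configs/tomcat8.cfg`, so the documented command would not find it; it should read `description: "Run as: sudo ./nsjail --config configs/tomcat8.cfg"`.

```textproto
# … unchanged: bind mounts for /etc/tomcat8 through /usr/share/java …
mount {
       src: "/dev/urandom"
       dst: "/dev/urandom"
       is_bind: true
       rw: false
}
# … unchanged: /tmp and /proc mounts, exec_bin …
```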