Felix Dreissig F30

F30 / apparmor-profile.txt
Last active September 11, 2025 13:01
Adjusted version of the default Docker AppArmor profile (see https://github.com/moby/profiles/blob/b8f391e/apparmor/template.go) that allows additional operations required for container image builds within containers. See https://www.codecentric.de/en/knowledge-hub/blog/7-ways-to-replace-kaniko-in-your-container-image-builds for details.
#include <tunables/global>
# Put in "/etc/apparmor.d" and load with:
# apparmor_parser -r -W /etc/apparmor.d/docker-gitlab
profile docker-gitlab flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
network,
capability,
@F30
F30 / seccomp-profile.json
Last active September 11, 2025 13:01
Adjusted version of the default Docker seccomp profile (see https://stackoverflow.com/q/51844955) that allows additional syscalls required for container image builds within containers. See https://www.codecentric.de/en/knowledge-hub/blog/7-ways-to-replace-kaniko-in-your-container-image-builds for details.
// For the GitLab Docker Executor:
// Remove this comment, minimize using `jq -c` and add the result to the Runner config inline(!) like this:
// security_opt = ['seccomp={"defaultAction": ...
{
"defaultAction": "SCMP_ACT_ERRNO",
"defaultErrnoRet": 1,
"archMap": [
{
"architecture": "SCMP_ARCH_X86_64",
@F30
F30 / gpg-list-ownertrust.py
Created September 27, 2017 10:02
List GPG Ownertrust
#!/usr/bin/env python3
import sys
import os
import gnupg
TRUST_LEVEL_MAP = {
'q': '???',