Jakub Jirutka jirutka

## provisioning-unprivileged-lxc-containers-via-login-or-script.md

      
              1 file
            
          
              1 fork
            
          
              4 comments
            
          
              32 stars
            
          
                julianlam
                / provisioning-unprivileged-lxc-containers-via-login-or-script.md
            
            
              Last active
              September 7, 2023 12:45
            
              
                Provisioning and usage of unprivileged LXC containers via indirect login or script #blog
              
          
    Provisioning and usage of unprivileged LXC containers via indirect login or script

As I've discovered, managing LXC containers is fairly straightforward, but when building out a system for provisioning out user maintained instances of NodeBB, it was imperative that unprivileged LXC containers were used, so that in the event of shell breakout from NodeBB followed by privilege escalation of the saas user, the root user in the LXC container would only be an unprivileged user on the host machine.
During the course of development, I ran into numerous blockers when it came to managing LXC containers in unexpected circumstances. Namely:

Using LXC in a subshell is not directly supported. This usually happens under one of the following two circumstances:

After switching users via su or executing lxc-* commands as another user via sudo
Executing lxc-* commands via a program, application, or script. In my case, a Node.js application.


## asciidoc.css
* {
    font-size: 12pt;
    font-family: monospace;
    font-weight: normal;
    font-style: normal;
    text-decoration: none;
    color: black;
    cursor: default;
}

## response.md

      
              1 file
            
          
              2 forks
            
          
              5 comments
            
          
              43 stars
            
          
                myronmarston
                / response.md
            
            
              Last active
              April 6, 2022 19:47
            
              
                In response to http://tenderlovemaking.com/2015/01/23/my-experience-with-minitest-and-rspec.html
              
          
I highly suspect that the RSpec core team all use black backgrounds in
their terminals because sometimes the colors aren’t so nice on my
white terminal

I certainly use a black background. I'm not sure about the other RSpec
core folks. Regardless, if there are some color changes we can make that
would make output look good on a larger variety of backgrounds, we'll
certainly consider that (do you have some suggested changes?).
In the meantime, the colors are configurable, so you can change the colors
to fit your preferences on your machine.  First, create a file at

  
## spock-like.rb
module Ruby
  module Spock
    def spec(description, definition = nil, &proc_definition)
      raise ArgumentError if [ definition, proc_definition ].all? {|d| d.nil? }
      if definition.nil?
        spec_runner(description, proc_definition)
      else
        spec_runner(description, definition)
      end
    end

## disk_types.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              2 stars
            
          
                c4milo
                / disk_types.md
            
            
              Last active
              August 2, 2021 11:31
            
          
    Digesting VMDK spec

Particularly, virtual disks types are very confusing. This document is an attempt to disentangle that and make easier the design of an implementation.
Flat or preallocated disk


Monolithic or one-file: Single flat extent with separate descriptor file. createType: monolithicFlat
Split or multiple files: 2gb preallocated extents or smaller, to account for file system limits. createType: 2GbMaxExtentFlat
VMFS (managed):

Zeroed: Thick (flat) disk on VMFS, with blocks zeroed on first use. createType: vmfsPreallocated


## curry.py
#!/usr/bin/env python


def curry(func):
    """
    Decorator to curry a function, typical usage:

    >>> @curry
    ... def foo(a, b, c):
    ...    return a + b + c

## introrx.md

      
              7 files
            
          
              2517 forks
            
          
              468 comments
            
          
              21899 stars
            
          
                staltz
                / introrx.md
            
            
              Last active
              April 25, 2024 04:18
            
              
                The introduction to Reactive Programming you've been missing
              
          
    The introduction to Reactive Programming you've been missing

(by @andrestaltz)

This tutorial as a series of videos

If you prefer to watch video tutorials with live-coding, then check out this series I recorded with the same contents as in this article: Egghead.io - Introduction to Reactive Programming.


## excon_multipart_form_data.rb
require 'excon'
require 'securerandom'

def multipart_form_data(buildpack_file_path)
  body      = ''
  boundary  = SecureRandom.hex(4)
  data      = File.open(buildpack_file_path)

  data.binmode if data.respond_to?(:binmode)
  data.pos = 0 if data.respond_to?(:pos=)

## Makefile
# Add the following 'help' target to your Makefile
# And add help text after each target name starting with '\#\#'

help:           ## Show this help.
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

# Everything below is an example

target00:       ## This message will show up when typing 'make help'
	@echo does nothing

## Rakefile
desc 'Generate deck from Travis CI and publish to GitHub Pages.'
task :travis do
  # if this is a pull request, do a simple build of the site and stop
  if ENV['TRAVIS_PULL_REQUEST'].to_s.to_i > 0
    puts 'Pull request detected. Executing build only.'
    sh 'bundle exec rake build'
    next
  end

  repo = %x(git config remote.origin.url).gsub(/^git:/, 'https:').strip
	* {
	font-size: 12pt;
	font-family: monospace;
	font-weight: normal;
	font-style: normal;
	text-decoration: none;
	color: black;
	cursor: default;
	}
	module Ruby
	module Spock
	def spec(description, definition = nil, &proc_definition)
	raise ArgumentError if [ definition, proc_definition ].all? {\|d\| d.nil? }
	if definition.nil?
	spec_runner(description, proc_definition)
	else
	spec_runner(description, definition)
	end
	end
	#!/usr/bin/env python


	def curry(func):
	"""
	Decorator to curry a function, typical usage:

	>>> @curry
	... def foo(a, b, c):
	... return a + b + c
	require 'excon'
	require 'securerandom'

	def multipart_form_data(buildpack_file_path)
	body = ''
	boundary = SecureRandom.hex(4)
	data = File.open(buildpack_file_path)

	data.binmode if data.respond_to?(:binmode)
	data.pos = 0 if data.respond_to?(:pos=)
	# Add the following 'help' target to your Makefile
	# And add help text after each target name starting with '\#\#'

	help: ## Show this help.
	@fgrep -h "##" $(MAKEFILE_LIST) \| fgrep -v fgrep \| sed -e 's/\\$$//' \| sed -e 's/##//'

	# Everything below is an example

	target00: ## This message will show up when typing 'make help'
	@echo does nothing
	desc 'Generate deck from Travis CI and publish to GitHub Pages.'
	task :travis do
	# if this is a pull request, do a simple build of the site and stop
	if ENV['TRAVIS_PULL_REQUEST'].to_s.to_i > 0
	puts 'Pull request detected. Executing build only.'
	sh 'bundle exec rake build'
	next
	end

	repo = %x(git config remote.origin.url).gsub(/^git:/, 'https:').strip