This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: '2' | |
services: | |
# Data store | |
db: | |
image: mongo:3.2 | |
volumes: | |
- mongo-data:/data/db | |
expose: | |
- "27017" | |
# Session store |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
logentries: | |
command: '-t 82855f8b-5341-34d5-3e54-12b612c26efa --no-stats' | |
image: 'logentries/docker-logentries' | |
restart: always | |
volumes: | |
- '/var/run/docker.sock:/var/run/docker.sock' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Url on which GitLab will be reachable. | |
## For more details on configuring external_url see: | |
## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/configuration.md#configuring-the-external-url-for-gitlab | |
external_url "https://gitlab.mydomain.com" | |
################ | |
# GitLab Nginx # | |
################ | |
## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/master/doc/settings/nginx.md |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2016/08/19 13:02:38 [notice] 135#135: signal process started | |
Generating RSA private key, 2048 bit long modulus | |
...............................+++ | |
...........................................................................................+++ | |
e is 65537 (0x10001) | |
Signing certificates from https://acme-v01.api.letsencrypt.org ... | |
Parsing account key... | |
Parsing CSR... | |
Registering account... | |
Registered! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 Raspberry one PI 2 B+ and one PI 3 running Raspbian | |
Version | |
pi@pi2:~ $ docker version | |
Client: | |
Version: 1.12.1 | |
API version: 1.24 | |
Go version: go1.6.3 | |
Git commit: 23cf638 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <tunables/global> | |
profile docker-default flags=(attach_disconnected,mediate_deleted) { | |
#include <abstractions/base> | |
network, | |
capability, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
root@node1:~# aa-status | |
apparmor module is loaded. | |
13 profiles are loaded. | |
13 profiles are in enforce mode. | |
/sbin/dhclient | |
/usr/bin/lxc-start | |
/usr/lib/NetworkManager/nm-dhcp-client.action | |
/usr/lib/NetworkManager/nm-dhcp-helper | |
/usr/lib/connman/scripts/dhclient-script | |
/usr/lib/lxd/lxd-bridge-proxy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
root@node1:~# aa-status | |
apparmor module is loaded. | |
13 profiles are loaded. | |
13 profiles are in enforce mode. | |
/sbin/dhclient | |
/usr/bin/lxc-start | |
/usr/lib/NetworkManager/nm-dhcp-client.action | |
/usr/lib/NetworkManager/nm-dhcp-helper | |
/usr/lib/connman/scripts/dhclient-script | |
/usr/lib/lxd/lxd-bridge-proxy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# check if access to the file is authorized within the container confined in docker-default AppArmor profile | |
root@4008beda0927:~# cat /proc/sysrq-trigger | |
cat: /proc/sysrq-trigger: Permission denied | |
root@4008beda0927:~# | |
# check if access to the file is authorized within the unconfined container | |
root@9f2173cfd7bc:~# cat /proc/sysrq-trigger | |
cat: /proc/sysrq-trigger: Input/output error | |
root@9f2173cfd7bc:~# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[root@node ~]# cat /etc/selinux/config | |
# This file controls the state of SELinux on the system. | |
# SELINUX= can take one of these three values: | |
# enforcing - SELinux security policy is enforced. | |
# permissive - SELinux prints warnings instead of enforcing. | |
# disabled - No SELinux policy is loaded. | |
SELINUX=permissive | |
# SELINUXTYPE= can take one of three two values: | |
# targeted - Targeted processes are protected, |
OlderNewer