Update packages
$ sudo apt update
Install apt HTTPS support; vim
$ sudo apt install apt-transport-https ca-certificates curl software-properties-common vim
Add the Docker repository GPG key
{% extends "account/base.html" %}
{% load i18n %}
{% load bootstrap_tags %}
{% load account socialaccount %}
{% block head_title %}{% trans "Log in" %}{% endblock %}
{% block body_outer %}
<div class="page-header">
from geonode.people.models import Profile
import requests
import json
# https://mailboxlayer.com/
access_key = 'your_key'
api_url = 'http://apilayer.net/api/check?access_key={0}'
base_url = api_url.format(access_key)
profiles = Profile.objects.all()
from django import forms
from django.contrib.auth.forms import UserCreationForm
from geonode.people.models import Profile

class CustomSignupForm(UserCreationForm):
    first_name = forms.CharField(max_length=30, required=True)
    last_name = forms.CharField(max_length=30, required=True)
    email = forms.EmailField(max_length=254)
    field_order = ['first_name', 'last_name', 'email', 'username']
from django.core.management.base import BaseCommand, CommandError
from geonode.layers.models import UploadSession
from geonode.people.models import Profile
from geonode.base.models import ResourceBase
from mapstore2_adapter.api.models import MapStoreResource
from geonode.base.management.commands.helpers import confirm
from geonode.layers.utils import set_layers_permissions

class Command(BaseCommand):
    help = 'Management command to transfer User Data ' \
For local testing I use geonode paver on port 8000 and a Keycloak server started with Docker on port 8090:
docker run -p 8090:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:12.0.1
https://www.keycloak.org/getting-started/getting-started-docker
- create a new realm to group our new app and users
marsianer
Full Background: https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability
Content:
- Start
Linux namespaces provide isolation for running processes, limiting their access to system resources without the running process being aware of the limitations.
The best way to prevent privilege-escalation attacks from within a container is to configure your container’s applications to run as unprivileged users. For containers whose processes must run as the root user within the container, you can re-map this user to a less-privileged user on the Docker host. The mapped user is assigned a range of UIDs which function within the namespace as normal UIDs from 0 to 65536, but have no privileges on the host machine itself.
If you did not enable namespaces initially, you will lose all of your images and containers once you enable namespacing for the Docker daemon.
#include <tunables/global>
profile docker-default flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/base>
  network,
  capability,
https://wiki.ubuntu.com/AppArmor
AppArmor lets the kernel restrict the permissions of a userspace program. In other words, we can decide what a program (... inside a Docker container) can do. Ubuntu runs AppArmor by default. This README targets Docker and skips the aa_genprof workflow for standalone applications (see: https://www.youtube.com/watch?v=Uq1d60TLebE&t=155s); I haven't found a way to use it with the Docker daemon.
To follow these steps you need to install apparmor-utils.