https://wiki.ubuntu.com/AppArmor
Apparmor can be used to limit different permissions for a userspace on side of the kernel. In other words we can decide what a program (... inside a docker container) can do. Ubuntu runs apparmor by default. This Readme targets docker and skips the aa_genprof workflow (see: https://www.youtube.com/watch?v=Uq1d60TLebE&t=155s) for standalone applications (Haven't found a way to use it with docker daemon)
To follow these steps you need to install apparmor-utils
Linux namespaces provide isolation for running processes, limiting their access to system resources without the running process being aware of the limitations.
The best way to prevent privilege-escalation attacks from within a container is to configure your container’s applications to run as unprivileged users. For containers whose processes must run as the root user within the container, you can re-map this user to a less-privileged user on the Docker host. The mapped user is assigned a range of UIDs which function within the namespace as normal UIDs from 0 to 65536, but have no privileges on the host machine itself.
In case you did not enable namespaces initially you will loose all of your images and containers after enabling the docker daemon namespaced.
| adf |
| import IIIF from 'ol/source/IIIF.js'; | |
| import IIIFInfo from 'ol/format/IIIFInfo.js'; | |
| import Map from 'ol/Map.js'; | |
| import TileLayer from 'ol/layer/Tile.js'; | |
| import View from 'ol/View.js'; | |
| import { fromLonLat } from 'ol/proj.js'; | |
| const map = new Map({ | |
| target: 'map', |
For local testing I do use geonode paver on port 8000 and a Keycloak server started with docker on port 8090:
docker run -p 8090:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:12.0.1
https://www.keycloak.org/getting-started/getting-started-docker
marsianer
| [ | |
| { | |
| "domain_content": false, | |
| "domain_data": false, | |
| "domain_software": false, | |
| "family": "", | |
| "id": "notspecified", | |
| "is_generic": true, | |
| "maintainer": "", | |
| "od_conformance": "not reviewed", |
| "113": { | |
| "id": 113, | |
| "name": "occipital-bone", | |
| "label": "Occipital bone", | |
| "svgid": "bone379", | |
| "amount": "<75%", | |
| "section": "cranial_district" | |
| }, | |
| Occipital bone | |
| https://dai-gn-test.csgis.de/daard/boneimage?copy_id=1&show_help=1&bones={"affected":["379"]} | |
| Frontal bone | |
| https://dai-gn-test.csgis.de/daard/boneimage?copy_id=1&show_help=1&bones={"affected":["152"]} | |
| Temporal Bone right | |
| https://dai-gn-test.csgis.de/daard/boneimage?copy_id=1&show_help=1&bones={"affected":["200","171"]} | |
| Temporal Bone left |
| #!/bin/bash | |
| # Set to 'true' for a dry run, 'false' to actually copy files | |
| DRY_RUN=true | |
| geoserver_data_dir='/geoserver_data/data/workspaces/geonode/' | |
| uploaded_data_dir='/mnt/volumes/statics/uploaded' | |
| importer_data='/geoserver_data/data/geonode/importer_data' | |
| date_filter="2024-01-19" # Find only coverage files after |
| { | |
| "2": { | |
| "id": 2, | |
| "name": "splanchnocranium", | |
| "label": "Splanchnocranium", | |
| "svgid": "bone154,bone155,bone156,bone163,bone157,bone165,bone169,bone168,bone187,bone178,bone191,bone177,bone196,bone198,bone201,bone202", | |
| "amount": ">75%", | |
| "section": "cranial_district" | |
| }, | |
| "3": { |