infra
/
cfg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8 Commits
1 Branch
0 Tags
336 KiB
CUE 85.7%
Shell 11.3%
Jinja 3%
 
 
 
Go to file
Dustin be1042cda7 nut: Do not run as privileged container 
The only privilege NUT needs is access to the USB device nodes.  Using a
device CGroup rule to allow this is significantly better than disabling
all restrictions.  Especially since I discovered that `--privileged`
implies `--security-opt label=disable`, effectively disabling SELinux
confinement of the container.
 		2024-01-14 19:24:55 -06:00
app/nut Initial commit 2024-01-14 19:24:55 -06:00
host nut: Apply udev rules on the host 2024-01-14 19:24:55 -06:00
pkg nut: Apply udev rules on the host 2024-01-14 19:24:55 -06:00
templates nut: Do not run as privileged container 2024-01-14 19:24:55 -06:00
.editorconfig Initial commit 2024-01-14 19:24:55 -06:00
.gitignore Initial commit 2024-01-14 19:24:55 -06:00
Containerfile container: Symlink /etc/{passwd,group} to /host 2024-01-14 19:24:55 -06:00
config.sh Add Containerfile 2024-01-14 19:24:55 -06:00
kcl.mod Initial commit 2024-01-14 19:24:55 -06:00
kcl.mod.lock Initial commit 2024-01-14 19:24:55 -06:00
nsenter.sh Add Containerfile 2024-01-14 19:24:55 -06:00