seccomp-sandbox/build/Dockerfile.ubuntu-build-with-tracer
2023-11-21 19:37:15 +08:00


# Build-time knobs. All three are declared before the first FROM, so they are
# only usable in FROM lines; override them with --build-arg to pull from a
# mirror registry or a different image.
# NOTE(review): both images are referenced by tag only. Tags can be re-pointed
# upstream; pinning by digest would make the inputs of this build reproducible.
ARG REGISTRY=docker.io
ARG BASE_IMAGE=library/ubuntu:20.04
ARG ONLYOFFICE_IMAGE=onlyoffice/documentserver:7.5

# Plain distribution image that the slim runtime, builder and copy stages extend.
FROM ${REGISTRY}/${BASE_IMAGE} AS base
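# Minimal runtime: the base image plus the libseccomp shared library.
FROM base AS runtime-slim-base
# The package index is removed in the same layer that downloads it. The apt
# lists live under /var/lib/apt/lists; the previous `rm -rf /var/apt` targeted
# a path apt does not use, so nothing was actually cleaned up.
RUN apt-get update \
    && apt-get install -y --no-install-recommends libseccomp2 \
    && rm -rf /var/lib/apt/lists/*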
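# OnlyOffice document server image with the libseccomp shared library added.
FROM ${REGISTRY}/${ONLYOFFICE_IMAGE} AS runtime-base
# The package index is removed in the same layer that downloads it. The apt
# lists live under /var/lib/apt/lists; the previous `rm -rf /var/apt` targeted
# a path apt does not use, so nothing was actually cleaned up.
RUN apt-get update \
    && apt-get install -y --no-install-recommends libseccomp2 \
    && rm -rf /var/lib/apt/lists/*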
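# Shared build environment: C toolchain, libseccomp headers, a Rust toolchain
# installed through rustup, and the crate sources under /src. The stages that
# run cargo extend this one.
FROM base AS builder-base
# /etc/localtime is pointed at Asia/Shanghai before packages are installed.
# NOTE(review): presumably this keeps a tzdata install from prompting during
# the build; confirm.
RUN ln -svf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && apt-get update \
    && apt-get install -y build-essential curl libseccomp-dev pkg-config
# The installer is written to a file before it is executed. Piping curl into
# bash under the default shell (no pipefail) hides a failed or truncated
# download: bash would run whatever arrived and the step could still succeed.
# NOTE(review): neither the installer script nor the toolchain version is
# pinned, so every build trusts whatever sh.rustup.rs serves at that moment.
# Consider passing --default-toolchain with a fixed version and verifying the
# installer against a known checksum.
RUN curl --proto '=https' --tlsv1.2 -sSf -o /tmp/rustup-init.sh https://sh.rustup.rs \
    && bash /tmp/rustup-init.sh -y \
    && rm -f /tmp/rustup-init.sh
COPY Cargo.toml Cargo.lock build.rs /src/
COPY src /src/src
COPY x2t-sandbox-rulegen /src/x2t-sandbox-rulegen
WORKDIR /src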
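# Builds x2t-sandbox with the tracing-mode feature enabled.
FROM builder-base AS tracer-builder
# --locked makes cargo fail instead of silently re-resolving dependencies when
# the copied Cargo.lock does not match Cargo.toml, so the binary is built from
# exactly the dependency versions that were committed.
RUN /root/.cargo/bin/cargo build --locked --release --features tracing-mode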
# Slim image whose entrypoint is the tracing-mode build of x2t-sandbox.
# NOTE(review): no USER is set in this stage or in the stages it extends here,
# so the entrypoint runs as whatever user the base image defaults to.
FROM runtime-slim-base AS runtime-tracer
COPY --from=tracer-builder \
     /src/target/release/x2t-sandbox \
     /usr/local/bin/x2t-sandbox
ENTRYPOINT ["/usr/local/bin/x2t-sandbox"]
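# Runs the OnlyOffice x2t converter under the tracing build of x2t-sandbox for
# every sample in /data and merges the per-sample logs into /x2t-syscalls.txt,
# which the sandbox-builder stage copies from this stage.
# NOTE(review): the merged list can only contain what the samples exercised;
# how the sandbox treats syscalls missing from it is not visible here, so the
# sample set should cover every conversion path used in production.
FROM runtime-base AS tracer-generate-syscalls
COPY data /data
COPY --from=tracer-builder /src/target/release/x2t-sandbox /usr/local/bin/x2t-sandbox
# Changes from the previous two-step version:
#  - samples are matched with a glob and quoted, instead of parsing `ls`
#    output, so file names containing spaces are passed through intact;
#  - an empty sample set fails the build instead of yielding an empty list
#    (the old `cat *.out | sort | uniq` ran without pipefail, which masked a
#    failing cat);
#  - logs and the result use absolute paths, so the stage no longer depends on
#    the working directory inherited from the OnlyOffice image.
RUN bash -c 'set -euo pipefail; \
    shopt -s nullglob; \
    samples=(/data/*.xml); \
    if [ "${#samples[@]}" -eq 0 ]; then echo "no .xml samples found in /data" >&2; exit 1; fi; \
    mkdir -p /trace; \
    for sample in "${samples[@]}"; do \
        /usr/local/bin/x2t-sandbox -l "/trace/$(basename "$sample").out" /var/www/onlyoffice/documentserver/server/FileConverter/bin/x2t "$sample"; \
    done; \
    sort -u /trace/*.out > /x2t-syscalls.txt'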
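# Rebuilds x2t-sandbox with the traced syscall list placed in the source tree
# at /src/x2t-syscalls.txt.
FROM builder-base AS sandbox-builder
COPY --from=tracer-generate-syscalls /x2t-syscalls.txt /src/x2t-syscalls.txt
# NOTE(review): this build enables the same `tracing-mode` feature as the
# tracer-builder stage. If that feature makes the binary record syscalls
# rather than enforce the generated list, the binary produced here (and copied
# into the onlyoffice-output and copy-to-data stages) would not be an enforcing
# sandbox. Confirm the feature set is intended and not a copy-paste leftover.
# --locked makes cargo fail instead of silently re-resolving dependencies when
# the copied Cargo.lock does not match Cargo.toml.
RUN /root/.cargo/bin/cargo build --locked --release --features tracing-mode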
# OnlyOffice image with the binary from sandbox-builder installed on PATH.
# Only the file is added; ENTRYPOINT, CMD and USER stay as inherited from the
# OnlyOffice image.
# NOTE(review): nothing in this stage makes the server invoke x2t through the
# sandbox; presumably that wiring is configured elsewhere. Confirm.
FROM runtime-base AS onlyoffice-output
COPY --from=sandbox-builder \
     /src/target/release/x2t-sandbox \
     /usr/local/bin/x2t-sandbox
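# Helper image: when run, copies the tracing-mode binary into /data.
# NOTE(review): /data is presumably a directory mounted by the caller at run
# time; confirm against the invoking script.
FROM base AS copy-tracer-to-data
COPY --from=tracer-builder /src/target/release/x2t-sandbox /x2t-sandbox
# The source path is absolute so the copy does not depend on the working
# directory of whichever image BASE_IMAGE points at.
CMD ["cp", "-v", "/x2t-sandbox", "/data/x2t-sandbox"]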
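# Helper image: when run, copies the binary built by sandbox-builder into /data.
# NOTE(review): /data is presumably a directory mounted by the caller at run
# time; confirm against the invoking script.
FROM base AS copy-to-data
COPY --from=sandbox-builder /src/target/release/x2t-sandbox /x2t-sandbox
# The source path is absolute so the copy does not depend on the working
# directory of whichever image BASE_IMAGE points at.
CMD ["cp", "-v", "/x2t-sandbox", "/data/x2t-sandbox"]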