echoCTF.RED
Extend target parameters to support more options
Extend the target JSON parameters to support more options. Currently the only supported option is Memory; we need to include at least the following:
- Privileged: `"Privileged": false`
- DNS options: `"DnsOptions": [""]`
- SHM size: `"ShmSize": 67108864`
- Read-only flag (`"ReadonlyRootfs": false` in the example request below)

Reference: https://docs.docker.com/engine/api/v1.24/
Add docker params to limit storage on containers
docker run -it --storage-opt size=120G fedora /bin/bash
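StorageOpt: Storage driver options per container. Options can be passed in the form {"size":"120G"}. Note that the `size` option is only honoured by some storage drivers (for overlay2 it needs an xfs backing filesystem mounted with `pquota`), so check the driver on the host before relying on it as a limit.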
"HostConfig": {
"StorageOpt": {
"size":"120G"
}
}
POST /v1.24/containers/create HTTP/1.1
Content-Type: application/json
Content-Length: 12345
{
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"FOO=bar",
"BAZ=quux"
],
"Cmd": [
"date"
],
"Entrypoint": "",
"Image": "ubuntu",
"Labels": {
"com.example.vendor": "Acme",
"com.example.license": "GPL",
"com.example.version": "1.0"
},
"Volumes": {
"/volumes/data": {}
},
"Healthcheck":{
"Test": ["CMD-SHELL", "curl localhost:3000"],
"Interval": 1000000000,
"Timeout": 10000000000,
"Retries": 10,
"StartPeriod": 60000000000
},
"WorkingDir": "",
"NetworkDisabled": false,
"MacAddress": "12:34:56:78:9a:bc",
"ExposedPorts": {
"22/tcp": {}
},
"StopSignal": "SIGTERM",
"HostConfig": {
"Binds": ["/tmp:/tmp"],
"Tmpfs": { "/run": "rw,noexec,nosuid,size=65536k" },
"Links": ["redis3:redis"],
"Memory": 0,
"MemorySwap": 0,
"MemoryReservation": 0,
"KernelMemory": 0,
"CpuPercent": 80,
"CpuShares": 512,
"CpuPeriod": 100000,
"CpuQuota": 50000,
"CpusetCpus": "0,1",
"CpusetMems": "0,1",
"IOMaximumBandwidth": 0,
"IOMaximumIOps": 0,
"BlkioWeight": 300,
"BlkioWeightDevice": [{}],
"BlkioDeviceReadBps": [{}],
"BlkioDeviceReadIOps": [{}],
"BlkioDeviceWriteBps": [{}],
"BlkioDeviceWriteIOps": [{}],
"MemorySwappiness": 60,
"OomKillDisable": false,
"OomScoreAdj": 500,
"PidMode": "",
"PidsLimit": -1,
"PortBindings": { "22/tcp": [{ "HostPort": "11022" }] },
"PublishAllPorts": false,
"Privileged": false,
"ReadonlyRootfs": false,
"Dns": ["8.8.8.8"],
"DnsOptions": [""],
"DnsSearch": [""],
"ExtraHosts": null,
"VolumesFrom": ["parent", "other:ro"],
"CapAdd": ["NET_ADMIN"],
"CapDrop": ["MKNOD"],
"GroupAdd": ["newgroup"],
"RestartPolicy": { "Name": "", "MaximumRetryCount": 0 },
"NetworkMode": "bridge",
"Devices": [],
"Sysctls": { "net.ipv4.ip_forward": "1" },
"Ulimits": [{}],
"LogConfig": { "Type": "json-file", "Config": {} },
"SecurityOpt": [],
"StorageOpt": {},
"CgroupParent": "",
"VolumeDriver": "",
"ShmSize": 67108864
},
"NetworkingConfig": {
"EndpointsConfig": {
"isolated_nw" : {
"IPAMConfig": {
"IPv4Address":"172.20.30.33",
"IPv6Address":"2001:db8:abcd::3033",
"LinkLocalIPs":["169.254.34.68", "fe80::3468"]
},
"Links":["container_1", "container_2"],
"Aliases":["server_x", "server_y"]
}
}
}
}
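This requires replacing the Docker PHP API we're currently using with a more complete version that provides access to all the options provided by the Docker API. When these options are exposed, the target parameters should be validated against an allow-list with safe defaults, since options such as `Privileged`, `Binds`, `CapAdd` and `Sysctls` in the example above reduce the container's isolation from the host.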