# Container image for ADRG: installs the Python dependencies listed in
# requirements.txt, copies adrg.py and modules/ into /app, and starts adrg.py
# with the configuration file expected at /app/config.yaml.
#
# NOTE(review): the base image is referenced by a mutable tag. Since this image
# is meant to run with --privileged (see below), consider pinning it by digest
# (python:3.11-slim-bookworm@sha256:<digest>) so that rebuilds are reproducible
# and a changed upstream tag cannot alter the image unnoticed.
FROM python:3.11-slim-bookworm
WORKDIR /app
# !! SECURITY NOTICE !!
# ADRG requires privileged access to function. To write cgroup v2 control
# files and manage container resources, the container must be run with:
#   --privileged
# This grants ADRG full control over the host kernel's resource management
# subsystem. It is the same level of access required by any tool that writes
# to /sys/fs/cgroup/. This is not a flaw in ADRG — it is an inherent
# requirement of the Linux cgroup interface.
#
# NOTE(review): the access granted is wider than cgroup control alone.
# --privileged gives the container every Linux capability and access to host
# devices, and turns off Docker's default seccomp/AppArmor confinement. The
# docker.sock bind mount in the example below additionally lets the process
# drive the Docker daemon, which amounts to root on the host. No USER
# instruction is set in this file, so the process runs as root inside the
# container. Treat the container, its config.yaml and adrg.env as
# host-root-equivalent: keep those files writable by root only and restrict
# who may start, exec into or reconfigure the container.
#
# Recommendation: audit this codebase before running it. ADRG is fully
# open source for this reason.
#
# Minimal run example:
#   docker run -d \
#     --name adrg \
#     --privileged \
#     -v /var/run/docker.sock:/var/run/docker.sock \
#     -v /sys/fs/cgroup:/sys/fs/cgroup \
#     -v /proc:/host/proc:ro \
#     -v /etc/adrg/config.yaml:/app/config.yaml:ro \
#     --env-file /etc/adrg/adrg.env \
#     ghcr.io/jaldertech/adrg
#
# In this example /proc and config.yaml are mounted read-only, while
# /sys/fs/cgroup and docker.sock are mounted read-write.
# NOTE(review): the image reference carries no tag, so it resolves to
# "latest"; for a privileged container prefer a release tag or a digest so
# the code that gets host-level access is the code that was audited.
#
# systemd-python is intentionally omitted: it requires libsystemd-dev at
# build time and provides no benefit when running in Docker.

# Dependencies are installed before the application code is copied, so the
# dependency layer can be reused from cache when only the code changes.
# NOTE(review): requirements.txt is not visible here. If it does not already
# pin exact versions with hashes, consider doing so and installing with
# --require-hashes, so the packages baked into this privileged image are fixed.
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# Application entry script and its modules/ package, both placed under /app.
COPY adrg.py .
COPY modules/ modules/
# Exec-form CMD: python3 is started directly (no shell wrapper) and reads its
# configuration from /app/config.yaml, the path the run example bind-mounts.
CMD ["python3", "adrg.py", "--config", "/app/config.yaml"]