Dockerfile
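# Build stage: fetch the fapolicyd sources, compile them and package the
# result as an RPM. Nothing from this stage reaches the final image except
# the RPM that the runtime stage copies out.
# NOTE(review): fedora:32 is an end-of-life release and the tag is mutable;
# consider a supported release pinned by digest.
FROM fedora:32 AS build

# Build toolchain and -devel headers needed by ./configure and rpmbuild.
# dnf's default GPG signature verification is left enabled (the former
# --nogpgcheck flag is dropped) so that every package pulled from the
# network is authenticated before it is installed into the build root.
RUN dnf install -y \
        autoconf \
        automake \
        file \
        file-devel \
        gcc \
        git \
        kernel-headers \
        libcap-ng-devel \
        libgcrypt-devel \
        libseccomp-devel \
        libtool \
        lmdb-devel \
        make \
        python3-devel \
        rpm-build \
        rpm-devel \
        systemd-devel \
        uthash-devel \
    && dnf clean all

WORKDIR /tmp/fapolicyd

# Optional tag or commit to build. Left empty, the tip of the upstream
# default branch is built, exactly as before; set it
# (--build-arg FAPOLICYD_REF=<tag-or-commit>) to get a reproducible,
# reviewable source revision instead of whatever upstream holds at build time.
ARG FAPOLICYD_REF=""

RUN git clone https://github.com/linux-application-whitelisting/fapolicyd.git /tmp/fapolicyd \
    && if [ -n "${FAPOLICYD_REF}" ]; then git checkout "${FAPOLICYD_REF}"; fi

# Generate the build system, compile, and produce the dist tarball that
# rpmbuild consumes as its source archive.
RUN ./autogen.sh \
    && ./configure --with-audit --disable-shared \
    && make \
    && make dist

# Stage the tarball where rpmbuild looks for sources, then build the
# binary and source RPMs from the spec file in the working directory.
RUN mkdir -p /root/rpmbuild/SOURCES/ \
    && cp fapolicyd-*.tar.gz /root/rpmbuild/SOURCES/ \
    && rpmbuild -ba fapolicyd.spec

# Sanity check: du fails the build if the expected RPM was not produced.
# The x86_64 path is hard-coded, so this stage only works on that architecture.
RUN du -sh /root/rpmbuild/RPMS/x86_64/fapolicyd-1.*.rpm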
# ----------------------------------
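# Runtime stage: a fresh base image with only the runtime libraries and the
# fapolicyd RPM produced by the build stage.
# NOTE(review): fedora:32 is an end-of-life release and the tag is mutable;
# consider a supported release pinned by digest.
FROM fedora:32

# Runtime library dependencies. GPG signature verification stays at dnf's
# default (enabled); the former --nogpgcheck flag is dropped so packages
# fetched from the network are authenticated before installation.
RUN dnf install -y \
        file \
        libcap-ng \
        libgcrypt \
        libseccomp \
        lmdb \
        python3 \
        rpm \
    && dnf clean all

# Only the main fapolicyd package matches this glob (the name must continue
# with "1." right after "fapolicyd-").
COPY --from=build /root/rpmbuild/RPMS/x86_64/fapolicyd-1.*.rpm /tmp/

# Install the locally built package, drop the installer file from the final
# filesystem, and register the unit so the init process starts it.
RUN rpm -i /tmp/fapolicyd-*.rpm \
    && rm -f /tmp/fapolicyd-*.rpm \
    && systemctl enable fapolicyd

# Pre-create the daemon's state, runtime and log directories and the two
# database files, owned by the fapolicyd user with group 0.
RUN mkdir -p /var/lib/fapolicyd /run/fapolicyd /var/log/fapolicyd \
    && touch /var/lib/fapolicyd/data.mdb /var/lib/fapolicyd/lock.mdb \
    && chown -R fapolicyd:0 /var/lib/fapolicyd /run/fapolicyd /var/log/fapolicyd

# The container boots /sbin/init as PID 1, which in turn starts the enabled
# fapolicyd unit. No USER is set, so init runs as root.
# NOTE(review): confirm which capabilities/privileges the container is run
# with; keep them to the minimum the daemon needs.
CMD ["/sbin/init"]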