freeipa/ipatests/azure/Dockerfiles/docker-compose.yml
Stanislav Levin 958e245813 Azure: Add custom seccomp profile
This allows to override the default seccomp profile.
Custom profile was generated from the default one [0] by adding one
allowed system call 'clock_adjtime'. This one is indirectly used by
chronyd with recent glibc2.31.

[0]: https://github.com/containers/libpod/blob/master/seccomp.json

Fixes: https://pagure.io/freeipa/issue/8316
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-05-12 09:51:50 +02:00

59 lines
1.2 KiB
YAML

version: '2.1'
services:
master:
image: ${IPA_DOCKER_IMAGE}
build: .
cap_add:
- ALL
security_opt:
- apparmor:unconfined
- seccomp:./seccomp.json
mem_limit: 1900m
volumes:
- /sys/fs/cgroup/systemd:/sys/fs/cgroup/systemd
- ./ipa-test-config.yaml:/root/.ipa/ipa-test-config.yaml:ro
- ${BUILD_REPOSITORY_LOCALPATH}:${IPA_TESTS_REPO_PATH}
networks:
- ${IPA_NETWORK}
replica:
image: ${IPA_DOCKER_IMAGE}
build: .
cap_add:
- ALL
security_opt:
- apparmor:unconfined
- seccomp:./seccomp.json
mem_limit: 1900m
volumes:
- /sys/fs/cgroup/systemd:/sys/fs/cgroup/systemd
networks:
- ${IPA_NETWORK}
client:
image: ${IPA_DOCKER_IMAGE}
build: .
cap_add:
- ALL
security_opt:
- apparmor:unconfined
- seccomp:./seccomp.json
mem_limit: 536870912
volumes:
- /sys/fs/cgroup/systemd:/sys/fs/cgroup/systemd
# nfs server
- ./exports:/exports
- /lib/modules:/lib/modules:ro
networks:
- ${IPA_NETWORK}
networks:
ipanet:
driver: bridge
enable_ipv6: true
ipam:
driver: default
config:
- subnet: ${IPA_IPV6_SUBNET}