run this to get a container that is only able to read the host filesystem for security monitoring software - Cacher Snippet

5/27/2018 - 2:27 PM

run this to get a container that is only able to read the host filesystem for security monitoring software

run this to get a container that is only able to read the host filesystem for security monitoring software

rkt_filesystem_watcher.sh

#!/bin/bash
# run this to get a container that is only able to read the host filesystem for security monitoring software
# by: Cody Kochmann

sudo rkt run --interactive --volume root,kind=host,source=/,readOnly=true --mount volume=root,target=/media/root --dns=8.8.8.8 quay.io/coreos/alpine-sh