.gitignore Error checking, make script more flexible 2026-04-07 00:09:32 +02:00
bootstrap-yocto.sh Script 'bootstrap-yocto' to allow for a demo build 2026-04-07 01:25:17 +02:00
Containerfile Re-introduce actual yocto build deps in Containerfile 2026-04-07 01:24:59 +02:00
GNUmakefile Liberate under BSD-2-Clause 2026-04-07 00:43:13 +02:00
LICENSE Liberate under BSD-2-Clause 2026-04-07 00:43:13 +02:00
README Readme 2026-04-08 11:14:04 +02:00
yocto-shell Credits to Jiks and note about compat 2026-04-07 21:57:26 +02:00

See tail of 'yocto-shell' script.

Key information documented here:
    https://docs.podman.io/en/stable/markdown/podman-run.1.html#security-opt-option

Docker equivalent for reference:
    https://docs.docker.com/reference/cli/docker/container/run/#security-opt

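Grep the script for "label=disable" and "seccomp=unconfined". These
--security-opt values turn off SELinux label separation and the seccomp
syscall filter for the container.
Might be worth considering "apparmor=unconfined" as well.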

Additional info about user namespaces here:
    https://docs.podman.io/en/stable/markdown/podman-run.1.html#userns-mode

If uid/gid is hardcoded within the container, and this is a hard requirement to
avoid host contamination, this might not be that interesting. This demo uses:
    "--userns=keep-id"

however:
    "--user $(id -u):$(id -g)"

is also an option. Given strict requirements, the uid/gid could perhaps be set
to 1000:1000 at runtime by 'entrypoint.sh' instead of being hardcoded in the
Containerfile.

A gosu alternative in 100 SLOC of ANSI C:
    https://github.com/ncopa/su-exec
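
One way to do the runtime coercion to 1000:1000 described above, as an added
example that is not part of this repository: an 'entrypoint.sh' that validates
the target ids and drops from root with su-exec. The variable names BUILD_UID
and BUILD_GID and the function names are assumptions, and su-exec is assumed
to be installed in the image.

```shell
#!/bin/sh
# entrypoint.sh: added example, not from this repository.
# Assumes su-exec is installed in the image. BUILD_UID and BUILD_GID are
# hypothetical variable names; 1000:1000 is the default named in the README.
set -eu

: "${BUILD_UID:=1000}"
: "${BUILD_GID:=1000}"

# Accept plain decimal ids only, so nothing else reaches the su-exec argv.
valid_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# Print "uid:gid" for su-exec, or fail on a malformed or root target.
resolve_target() {
    valid_id "$1" && valid_id "$2" || return 1
    [ "$1" -ne 0 ] && [ "$2" -ne 0 ] || return 1
    printf '%s:%s\n' "$1" "$2"
}

# Drop privileges if started as root, then replace this shell with the command.
run_as_builder() {
    target=$(resolve_target "$BUILD_UID" "$BUILD_GID") || {
        echo "entrypoint: invalid BUILD_UID/BUILD_GID" >&2
        return 64
    }
    if [ "$(id -u)" -eq 0 ]; then
        exec su-exec "$target" "$@"
    fi
    # Already unprivileged, e.g. under --userns=keep-id or --user uid:gid:
    # there is nothing to drop, and su-exec would fail without root.
    exec "$@"
}

# Only act when a command was passed (CMD or podman-run arguments).
if [ "$#" -gt 0 ]; then
    run_as_builder "$@"
fi
```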