docker-archivebox icon indicating copy to clipboard operation
docker-archivebox copied to clipboard

Published 20 hours ago verified publisher icon ArchiveBox

Include paxtest in the image

Open thedeadliestcatch opened this issue 1 year ago • 0 comments

Hi,

It would be convenient to have paxtest included in the image:

FROM ${DOCKER_IMAGE:-archivebox/archivebox:master}

RUN apt-get update && apt-get install -y \
    paxctl && rm -rf /var/lib/apt/lists/*

RUN paxctl -cm /usr/bin/node

When running node applications in hardened environments (or building them in such environments) 'node' needs to be able to create memory mappings for JIT. It's a security trade-off, thus you can likely skip adding the paxctl step. This will make it easier to build/adjust the images in network-restricted environments.

thedeadliestcatch avatar Apr 13 '24 04:04 thedeadliestcatch