Giter Site home page Giter Site logo

efuzy / ydb Goto Github PK

View Code? Open in Web Editor NEW

This project forked from yottadb/ydb

0.0 0.0 0.0 27.43 MB

License: Other

CMake 0.15% M 51.00% Assembly 1.46% C 45.35% Objective-C 0.17% Shell 0.96% C++ 0.83% Makefile 0.03% Awk 0.03% XC 0.01% sed 0.01% Dockerfile 0.01%

ydb's Introduction

Running fuz container

Run Binary

Docker Hub has prebuilt Efuzy images. You must have at least docker 17.05. Pull an image with binaries built from the latest source code:

docker pull efuzy/fuz:latest

Or Build One

docker build -t efuzy/fuz:latest .

Then Run it

docker run -it -v /db:/data --network=host -e ydb_chset=utf-8  --restart unless-stopped --name=fuz efuzy/fuz:latest

- it       => interactive
- v        =>  map the folder /db on the host to folder /data in the container, where the actual db         is stored, along with the routine source, and generated object code
--name     => name the container
--network  => basically socket is attached straight to the process as if there is no                      container overhead 
- e        => set ydb_chset environment variable

Note: You may need to use “sudo docker” in place of “docker” on some platforms depending on the permissions of the docker socket.

If you want to access the database from multiple containers (e.g., to add containers with a tool such as Kubernetes), they will need to share IPC resources and pids. So use a command such as


--ipc host 
--pid host

https://docs.docker.com/engine/reference/run/#ipc-settings---ipc

--ipc=host removes a layer of security and creates new attack vectors as any application running on the host that misbehaves when presented with malicious data in shared memory segments can become a potential attack vector but as long as your image of the container is from a reliable source it shouldn't affect your host.

Performance-sensitive programs use shared memory to store and exchange volatile data (x11 frame buffers are one example). In your case the non-root user in the container has access to the x11 server shared memory.

Running as non-root inside the container should somewhat limit unauthorized access, assuming correct permissions are set on all shared objects. Nonetheless if an attacker gained root privileges inside your container they would have access to all shared objects owned by root (some objects might still be restricted by the IPC_OWNER capability which is not enabled by default).

ydb's People

Contributors

nars1 avatar estess avatar sljohnson1 avatar shabiel avatar aa325 avatar bradwesthafer avatar ksbhaskar avatar christopheredwards avatar zylog1o1 avatar ztmr avatar jyn514 avatar chathaway-codes avatar kdrozd avatar ashok-bhaskar-yottadb avatar efuzy avatar littlecatspb avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.