-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
- Loading branch information
Showing
1 changed file
with
9 additions
and
52 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,57 +1,14 @@ | ||
| FROM ubuntu:16.04 | ||
| MAINTAINER DevOps "[email protected]" | ||
|
|
||
| # Add an isolated user | ||
| # /home/work: actual working directory for user codes | ||
| # /home/sorna: place for Python and REPL script | ||
| RUN adduser --disabled-password --gecos "" work | ||
| RUN chmod 700 /home/work | ||
| RUN mkdir /home/sorna | ||
| RUN chmod 755 /home/sorna | ||
| RUN chown -R work:work /home/sorna | ||
|
|
||
| ENV DEBIAN_FRONTEND noninteractive | ||
| ENV HOME /home/work | ||
| WORKDIR /home/work | ||
|
|
||
| # Set up the base environment. | ||
| USER root | ||
| RUN sed -i 's/archive\.ubuntu\.com/kr.archive.ubuntu.com/' /etc/apt/sources.list | ||
| RUN echo 'APT::Install-Recommends "false";' >> /etc/apt/apt.conf; \ | ||
| echo 'APT::Install-Suggests "false";' >> /etc/apt/apt.conf | ||
| RUN apt-get update | ||
| RUN apt-get install -y --only-upgrade tzdata | ||
| RUN apt-get install -y build-essential git-core curl wget ca-certificates libseccomp2 libzmq3-dev | ||
| CMD /home/sorna/run.sh | ||
| FROM lablup/kernel-base:latest | ||
|
|
||
| # Install PHP 7.0 | ||
| RUN apt-get install -y language-pack-en-base python-software-properties software-properties-common | ||
| ENV LC_ALL=en_US.UTF-8 | ||
| RUN apt-get install -y php7.0-cli php7.0-gd php7.0-sqlite3 php7.0-dev php-pear | ||
| RUN apt-get install -y pkg-config libzmq3-dev | ||
| RUN echo '' | pecl install zmq-beta | ||
| RUN echo 'extension=zmq.so' > /etc/php/7.0/cli/conf.d/20-zmq.ini | ||
|
|
||
| # Secure installation scripts | ||
| USER root | ||
| ADD run.sh /home/sorna/run.sh | ||
| ADD jail /home/sorna/jail | ||
| ADD intra-jail /home/sorna/intra-jail | ||
| RUN chown root:root /home/sorna/*.sh /home/sorna/jail /home/sorna/intra-jail | ||
| RUN chmod 600 /home/sorna/*.sh | ||
| RUN chmod 755 /home/sorna/run.sh /home/sorna/jail /home/sorna/intra-jail | ||
| ADD patch-libs.so /home/sorna/patch-libs.so | ||
| ENV LD_PRELOAD /home/sorna/patch-libs.so | ||
|
|
||
| VOLUME ["/home/work"] | ||
| EXPOSE 2000 2001 | ||
|
|
||
| LABEL io.sorna.timeout="10" | ||
| LABEL io.sorna.maxmem="128m" | ||
| LABEL io.sorna.maxcores="1" | ||
| LABEL io.sorna.mode="query" | ||
| LABEL io.sorna.envs.corecount="OPENBLAS_NUM_THREADS,NPROC" | ||
| LABEL io.sorna.version="2" | ||
| RUN apk add --no-cache --virtual .build-deps build-base zeromq-dev pkgconf autoconf automake \ | ||
| && apk add --no-cache php7 php7-dev php7-xml php7-pcntl php7-pear zeromq php7-iconv php7-zlib php7-json php7-gd php7-sqlite3 \ | ||
| # PECL patch (ref: http://stackoverflow.com/questions/40999752) | ||
| && sed -i "$ s|\-n||g" /usr/bin/pecl \ | ||
| && echo '' | pecl install zmq-beta \ | ||
| && echo 'extension=zmq.so' >> /etc/php7/php.ini \ | ||
| && apk del .build-deps | ||
|
|
||
| ADD run.php /home/sorna/run.php | ||
| USER work | ||
| CMD ["/home/sorna/jail", "default", "/usr/bin/php7", "/home/sorna/run.php"] |