Light

vpolaris / container_chrony_f36 Goto Github PK

View Code? Open in Web Editor NEW

0.0 1.0 0.0 49 KB

Build Podman isolated container for NTP service based on Chrony and fedora 36

License: GNU General Public License v3.0

Shell 20.52% Dockerfile 79.48%

fedora podman chrony container docker

container_chrony_f36's Introduction

Podman - Minimal Chrony service

Build from a Fedora 36 image with only chrony service implemented as time server. The goal is to reduce surface attack with only few binary tools onboarded, use chrony user to lauch the service and cost size reduced as much as possible.

Prerequisites

You need to build the image on a machine with podman 3.3.1 installed

What the script does ?

Pull a fedora 36 container as helper
Mount a directory to build the chrony image
use fedora container to build the chony service inside the mounted directory
archive the mounted directory in a layer.tar.xz
use the new layer as sysroot directory to build the final image
create 2 tmpfs volume to secure the chrony service
Launch a test container with the local chrony.conf as time source in the most secure way
remove sysroot content

Installation

You can clone the repository or download files

git clone https://github.com/vpolaris/container_chrony_f36.git
cd container_chrony_f36 && chmod u+x install_chronyd.sh 
sudo ./install_chronyd.sh

To schedule the default service use the following command

podman run -d --read-only  \
    --name chrony \
    --publish 123:123/udp \
    --health-cmd 'CMD-SHELL chronyc tracking || exit 1' \
    --health-interval 15m \
    --health-start-period 2m \
    --restart on-failure \
    --volume /etc/chrony.conf:/etc/chrony.conf:ro \
    --volume run_chrony:/run/chrony:Z \
    --volume var_chrony:/var/lib/chrony:rw \
    -t f36:chony

Check

Launch the health check

podman healthcheck run chrony

sources

This is the sites where I found the materials

container_chrony_f36's People

Contributors

Watchers

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.