From 7c1e4e8e88a8d148871fc620f3654257b1311e84 Mon Sep 17 00:00:00 2001
From: Jeffrey Serio
Date: Tue, 15 Feb 2022 20:42:32 -0600
Subject: [PATCH] Add ansible, htop, httpie, nmap, wireshark
---
README.md | 5 ++++-
ansible/Containerfile | 27 ++++++++++++++++++++++++++
htop/Containerfile | 12 ++++++++++++
httpie/Containerfile | 33 +++++++++++++++++++++++++++++++
nmap/Containerfile | 26 +++++++++++++++++++++++++
wireshark/Containerfile | 43 +++++++++++++++++++++++++++++++++++++++++
6 files changed, 145 insertions(+), 1 deletion(-)
create mode 100644 ansible/Containerfile
create mode 100644 htop/Containerfile
create mode 100644 httpie/Containerfile
create mode 100644 nmap/Containerfile
create mode 100644 wireshark/Containerfile
diff --git a/README.md b/README.md
index 60e02c6..7491ff6 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,5 @@
 # containerfiles
-Containerfiles for Podman images
+
+These are Containerfiles I use with Podman on libostree-based Fedora distributions. Inspired by [jessfraz/dockerfiles](https://github.com/jessfraz/dockerfiles), but not nearly as bountiful, because these are intended to be used on an immutable ostree host where it is not feasible to run inside a toolbox container. I will eventually convert these to [podenv](https://github.com/podenv/podenv) configuration files, but, for want of more comprehensive documentation, it will take time to decode how Podenv configuration (and Podenv itself) works.
+
+Feel free to clone this repo and adapt these to your needs!
diff --git a/ansible/Containerfile b/ansible/Containerfile
new file mode 100644
index 0000000..e213b6d
--- /dev/null
+++ b/ansible/Containerfile
@@ -0,0 +1,27 @@
+# https://www.ansible.com/
+#
+# Note: SELinux requires the :Z attribute set on volumes in Podman/Docker.
+#
+# podman run --rm \
+# -it \
+# -v ${PWD}/hosts:/etc/ansible/hosts:Z \
+# -v ${PWD}/ansible.cfg:/etc/ansible/ansible.cfg:Z \
+# -v ${HOME}/.ssh:/root/.ssh:Z \
+# ansible all -m ping
+#
+FROM python:3-alpine
+LABEL maintainer "Jeffrey Serio "
+
+RUN builddeps=' \
+ musl-dev \
+ openssl-dev \
+ libffi-dev \
+ gcc \
+ ' \
+ && apk --no-cache add \
+ ca-certificates \
+ $builddeps \
+ && pip install ansible \
+ && apk del --purge $builddeps
+
+ENTRYPOINT [ "ansible" ]
diff --git a/htop/Containerfile b/htop/Containerfile
new file mode 100644
index 0000000..3c20aae
--- /dev/null
+++ b/htop/Containerfile
@@ -0,0 +1,12 @@
+# htop in podman container
+#
+# podman run --rm -it \
+# --pid host
+# htop
+#
+FROM alpine:latest
+LABEL maintainer "Jeffrey Serio "
+
+RUN apk --no-cache add htop
+
+CMD [ "htop" ]
diff --git a/httpie/Containerfile b/httpie/Containerfile
new file mode 100644
index 0000000..3c2d1c3
--- /dev/null
+++ b/httpie/Containerfile
@@ -0,0 +1,33 @@
+# httpie podman container
+#
+# Note: SELinux requires the :Z attribute set on volumes in Podman/Docker
+#
+# To download a file to the PWD:
+# podman run \
+# --rm \
+# -it \
+# -v ${PWD}:/downloads:Z \
+# httpie -d
+#
+# To see a webpage:
+# podman run \
+# --rm \
+# -it \
+# httpie
+#
+FROM alpine:latest
+LABEL maintainer "Jeffrey Serio "
+
+RUN apk --no-cache add \
+ ca-certificates \
+ gcc \
+ musl-dev \
+ python3 \
+ python3-dev \
+ py3-pip \
+ && pip install httpie httpie-unixsocket
+
+RUN mkdir /downloads
+WORKDIR /downloads
+
+ENTRYPOINT [ "http" ]
diff --git a/nmap/Containerfile b/nmap/Containerfile
new file mode 100644
index 0000000..b34149b
--- /dev/null
+++ b/nmap/Containerfile
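Review bot: Neither the base image nor the Python package is pinned in ansible/Containerfile: `FROM python:3-alpine` floats across Python releases and `pip install ansible` takes whatever is newest at build time, so two builds of the same file can contain different code. Pinning a version and skipping the pip cache, e.g. `pip install --no-cache-dir ansible==<pinned-version>`, plus a specific base tag or digest, makes the image reproducible; the same applies to `alpine:latest` and `fedora:latest` in the htop, httpie, nmap and wireshark files and to `pip install httpie httpie-unixsocket`. The usage comment also mounts `${HOME}/.ssh` read-write with `:Z`, which relabels the host directory for this container and may interfere with host services that read it; a read-only mount of only the key that is needed would expose less.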
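Review bot: The usage comment in htop/Containerfile is missing the trailing `\` after `--pid host`, so the command as pasted ends before the image name; the line should read `#     --pid host \`. Because `--pid host` lets the container see every host process and no `USER` is set, it is also worth adding `--cap-drop=all` to the documented command, assuming htop's read-only use of /proc keeps working without capabilities.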
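Review bot: The compiler and headers (`gcc`, `musl-dev`, `python3-dev`) installed in httpie/Containerfile stay in the final image, unlike ansible/Containerfile, which deletes its build dependencies in the same `RUN`. Installing them as a virtual package and removing it after `pip install` keeps build tooling out of an image whose job is to talk to untrusted HTTP endpoints; the rewritten `RUN` is below. The image also runs `http` as root, and a `USER` line would be a reasonable follow-up if writing to the `/downloads` mount still works for your podman setup.

```dockerfile
RUN apk --no-cache add \
        ca-certificates \
        py3-pip \
        python3 \
    && apk --no-cache add --virtual .build-deps \
        gcc \
        musl-dev \
        python3-dev \
    && pip install --no-cache-dir httpie httpie-unixsocket \
    && apk del .build-deps
# … unchanged: mkdir /downloads, WORKDIR, ENTRYPOINT …
```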
@@ -0,0 +1,26 @@
+# nmap podman container image
+#
+# Requires rootful podman to access net interfaces
+#
+# Note: SELinux requires the :Z attribute set when using volumes in Podman/Docker.
+#
+# sudo podman run -it --rm \
+# --cap-add=NET_RAW \
+# --cap-add=NET_ADMIN \
+# --network host \
+# -v $(pwd):/output:Z \
+# --name nmap \
+# nmap
+
+FROM fedora:latest
+LABEL maintainer "Jeffrey Serio "
+
+RUN printf "fastestmirror=True\ndeltarpm=True\n" | tee -a /etc/dnf/dnf.conf \
+ && dnf install -y nmap nmap-ncat \
+ && dnf clean all \
+ && mkdir /output
+
+WORKDIR /output
+
+
+ENTRYPOINT [ "nmap" ]
diff --git a/wireshark/Containerfile b/wireshark/Containerfile
new file mode 100644
index 0000000..2276727
--- /dev/null
+++ b/wireshark/Containerfile
@@ -0,0 +1,43 @@
+# Run Wireshark in podman container
+#
+# Requires rootful podman to access host network.
+#
+# podman run \
+# --secuirity-opt label=disable \
+# --net=host \
+# --cap-add=NET_RAW \
+# --cap-add=NET_ADMIN \
+# -e PUID=1000 \
+# -e PGID=1000 \
+# -e TZ=America/Chicago \
+# -e DISPLAY=:0 \
+# -e XDG_RUNTIME_DIR=/run/user \
+# -e XDG_SESSION_TYPE=wayland \
+# -e GDK_BACKEND=wayland \
+# -e QT_QPA_PLATFORM=wayland \
+# -e WAYLAND_DISPLAY=wayland-0 \
+# --mount type=tmpfs,destination=/run/user \
+# -v /run/user/1000/wayland-0:/run/user/wayland-0 \
+# -v /tmp/.X11-unix:/tmp/.X11-unix \
+# --name wireshark \
+# wireshark
+#
+FROM fedora:latest
+LABEL maintainer "Jeffrey Serio "
+
+RUN printf "fastestmirror=True\ndeltarpm=True\n" | tee -a /etc/dnf/dnf.conf
+RUN dnf install -y wireshark qt5-qtwayland \
+ && dnf clean all
+
+ENV HOME /home/wireshark
+RUN useradd --create-home -g wireshark --home-dir $HOME wireshark \
+ && chown -R wireshark:wireshark $HOME
+
+RUN chown root:wireshark /usr/bin/dumpcap \
+ && setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
+
+USER wireshark
+
+WORKDIR /home/wireshark
+
+ENTRYPOINT [ "wireshark" ]
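Review bot: The documented run command in nmap/Containerfile adds `NET_RAW` and `NET_ADMIN` on top of podman's default capability set, for a root process on the host network. Putting `--cap-drop=all` before the two `--cap-add` lines would leave the scanner with only those two capabilities; confirm the scan types you use still work. `nmap-ncat` is installed although the entrypoint is `nmap`, so it can be dropped unless it is used via `--entrypoint`, and `printf … | tee -a` can be `printf … >> /etc/dnf/dnf.conf` to avoid a pipe whose left-hand failure the default shell would hide.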
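Review bot: The usage comment in wireshark/Containerfile misspells the option as `--secuirity-opt`; it should be `--security-opt label=disable`, and since that turns off SELinux separation for a container that also has host networking and `NET_ADMIN`, a one-line comment saying why it is needed would help. `PUID` and `PGID` are passed with `-e` but nothing in this file reads them, so they look removable. The `/tmp/.X11-unix` mount gives the container access to the host X server, which appears unnecessary given the Wayland variables; dropping it and `DISPLAY` would narrow what a parser bug in Wireshark could reach.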