Nothing too shabby, but still. To run it you need docker, and after that just type

docker run -it --rm --log-driver none --read-only --net none --cap-drop=ALL --security-opt=no-new-privileges defnotgustavom/pixfire4

…and you will be greeted with a little, small, very pixelated bonfire.

“Why docker and not just a simple command?”

Mostly because of those two flags: --read-only and --net none. Can’t get better than this. :^)

This also came up while in a self-learning process, but I don’t want to “flex” it here.

  • @blotz
    link
    10
    edit-2
    1 year ago

    What is the original size of the program before docker?

    edit: Also the docker sandbox is not perfect for running unsafe programs. You could still have programs slow down your entire system by taking as many resources as possible. eg. forkbombs.

    • @[email protected]
      link
      fedilink
      51 year ago

      Doesn’t docker have a flag for limiting system usage? Like max mem, cores/threads etc? I swear I remember using something like this before.

      • @blotz
        link
        21 year ago

        Linux has ulimit so I assume docker does aswell