Nothing too shabby, but still. To run it you need docker, and after that just type

docker run -it --rm --log-driver none --read-only --net none --cap-drop=ALL --security-opt=no-new-privileges defnotgustavom/pixfire4

…and you will be greeted with a little, small, very pixelated bonfire.

“Why docker and not just a simple command?”

Mostly because of those two flags: --read-only and --net none. Can’t get better than this. :^)

This also came up while in a self-learning process, but I don’t want to “flex” it here.

  • @blotz
    10 months ago

    What is the original size of the program before docker?

    edit: Also the docker sandbox is not perfect for running unsafe programs. You could still have programs slow down your entire system by taking as many resources as possible, e.g. fork bombs.

    • @[email protected]
      10 months ago

      Doesn’t docker have a flag for limiting system usage? Like max mem, cores/threads etc? I swear I remember using something like this before.

      • @blotz
        10 months ago

        Linux has ulimit so I assume docker does as well
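
The limits asked about in the replies above exist as docker run flags: --pids-limit, --memory and --cpus. The following is an added example, not part of any comment in this thread: a shell function that reports which of those flags a docker run command line leaves unset, applied to the command from the post. The limit values (64, 128m, 0.5) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: list the resource-limit flags that a
# `docker run` command line does not set. Limit values below are constructed.

# Print the missing flags (space-separated); exit status 1 if any is missing.
# Assumption: nothing after the image name looks like one of these flags.
missing_limits() {
    have_pids=0; have_mem=0; have_cpu=0
    for arg in "$@"; do
        case "$arg" in
            --pids-limit|--pids-limit=*) have_pids=1 ;;  # caps process count (fork bombs)
            --memory|--memory=*|-m)      have_mem=1  ;;  # caps RAM
            --cpus|--cpus=*)             have_cpu=1  ;;  # caps CPU time
        esac
    done
    missing=""
    [ "$have_pids" -eq 1 ] || missing="$missing --pids-limit"
    [ "$have_mem" -eq 1 ]  || missing="$missing --memory"
    [ "$have_cpu" -eq 1 ]  || missing="$missing --cpus"
    missing="${missing# }"
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# The command exactly as given in the post.
POST_CMD="docker run -it --rm --log-driver none --read-only --net none --cap-drop=ALL --security-opt=no-new-privileges defnotgustavom/pixfire4"

# Same command with constructed limits added before the image name.
LIMITED_CMD="docker run -it --rm --log-driver none --read-only --net none --cap-drop=ALL --security-opt=no-new-privileges --pids-limit 64 --memory 128m --cpus 0.5 defnotgustavom/pixfire4"

# Word splitting is intentional: each command is a fixed string of plain words.
echo "post:    $(missing_limits $POST_CMD)"
echo "limited: $(missing_limits $LIMITED_CMD)"
```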

  • @[email protected]
    10 months ago

    Doesn’t work with podman (on my machine at least), any suggestions?

    Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:f1c0eb6f4ccdca4b72528f451baf6f4027f4b0965396bc4d885e27fd58cba771": processing tar file(potentially insufficient UIDs or GIDs available in user namespace (requested 151413:12311 for /bin): Check /etc/subuid and /etc/subgid if configured locally and run "podman system migrate": lchown /bin: invalid argument): exit status 1