Nothing too shabby, but still. To run it you need docker, and after that just type
docker run -it --rm --log-driver none --read-only --net none --cap-drop=ALL --security-opt=no-new-privileges defnotgustavom/pixfire4
…and you will be greeted with a little, small, very pixelated bonfire.
“Why docker and not just a simple command?”
Mostly because of those two flags: --read-only
and --net none
. Can’t get better than this. :^)
This also came up while in a self-learning process, but I don’t want to “flex” it here.
What is the original size of the program before docker?
edit: Also the docker sandbox is not perfect for running unsafe programs. You could still have programs slow down your entire system by taking as many resources as possible. eg. forkbombs.
Doesn’t docker have a flag for limiting system usage? Like max mem, cores/threads etc? I swear I remember using something like this before.
Linux has ulimit so I assume docker does aswell
Wow! This is almost as useful as neofetch ;-)
Doesn’t work with podman (on my machine at least), any suggestions?
Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:f1c0eb6f4ccdca4b72528f451baf6f4027f4b0965396bc4d885e27fd58cba771": processing tar file(potentially insufficient UIDs or GIDs available in user namespace (requested 151413:12311 for /bin): Check /etc/subuid and /etc/subgid if configured locally and run "podman system migrate": lchown /bin: invalid argument): exit status 1
Did you tried running it as another user? I’ve set binary ownership via chmod to the non-root user in the container.
Tried with another user and it works, looks really cool btw!
Any way to quit gracefully though?
I tried both Ctrl+C and Ctrl+Z but it just ignores the signals, I could only resort to killing itThanks. And CTRL + C is a bit wonky since it waits for the command to reach the end of the code to trigger it, but it works. (It’s intended to be “gloriously minimal”, so theres that. With built-in functions, and the least amount of code and calls.)
I see, weirdly it works every time on my own user, but it is on my second one that it doesn’t, the two applications are different though, did I somehow pull two different images?
With built-in functions, and the least amount of code and calls
I’m a bit curious, can you share the repository?
I’ve no idea. Still, running it on my rpi 4 and on my orange pi zero 3 has given me the same expected experience without any sudden changes.
I’m a bit curious, can you share the repository?
I’ll try that, I also read around that I could increase my UID namespace range (not that I understand what it means 🫣), so I’ll try that too
Edit: Now I half understand after reading these:
4.https://opensource.com/article/19/2/how-does-rootless-podman-work