You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,7 +10,7 @@ Diamond will:
10
10
* Mount the image in `/var/apps/foo` and clone the source there
11
11
* Create a SystemD service file with CPU/RAM limitations in `/etc/systemd/system/foo.service`
12
12
13
-
Since the service will have it's own unprivileged Linux user, it's possible to limit damage caused if that specific service is compromised. The reason for the creation of the disk image is simple -- if the service allows saving arbitrary files to disk, it should not be possible for it to be able to fill the host disk to the brim and crash the system. It also has a positive side-effect of making the service and it's files more portable.
13
+
Since the service will have it's own unprivileged Linux user, it's possible to limit damage caused if that specific service is compromised. The reason for the creation of the disk image is simple -- if the service allows saving arbitrary files to disk, it should not be possible for the service to fill the host disk to the brim and crash the system; it also has a positive side-effect of making the service and it's files more portable.
14
14
15
15
Diamond also allows you to automatically mount all the disk images and start all the services automatically this way:
0 commit comments