From 20071340f02527840ff55052968fe8a6a4c8017b Mon Sep 17 00:00:00 2001
From: Claudio Maradonna
Date: Thu, 22 Sep 2022 15:45:18 +0200
Subject: [PATCH 1/2] add auditd docker rules

---
 auditd/etc/audit/rules.d/docker.rules | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 auditd/etc/audit/rules.d/docker.rules

diff --git a/auditd/etc/audit/rules.d/docker.rules b/auditd/etc/audit/rules.d/docker.rules
new file mode 100644
index 0000000..80b6380
--- /dev/null
+++ b/auditd/etc/audit/rules.d/docker.rules
@@ -0,0 +1,13 @@
+-w /etc/docker -k docker
+-w /etc/default/docker -k docker
+-w /etc/docker/daemon.json -k docker
+-w /etc/containerd/config.toml -k docker
+-w /lib/systemd/system/docker.service -k docker
+-w /lib/systemd/system/docker.socket -k docker
+-w /run/containerd -k docker
+-w /usr/bin/containerd -k docker
+-w /usr/bin/containerd-shim -k docker
+-w /usr/bin/containerd-shim-runc-v1 -k docker
+-w /usr/bin/containerd-shim-runc-v2 -k docker
+-w /usr/bin/runc -k docker
+-w /var/lib/docker -k docker

From ed14592a1ed0c6d307ee7709c00f94cae0032232 Mon Sep 17 00:00:00 2001
From: Claudio Maradonna
Date: Fri, 23 Sep 2022 11:52:53 +0200
Subject: [PATCH 2/2] docker: update daemon.json

---
 docker/etc/docker/daemon.json | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/docker/etc/docker/daemon.json b/docker/etc/docker/daemon.json
index cee3a96..a0dc279 100644
--- a/docker/etc/docker/daemon.json
+++ b/docker/etc/docker/daemon.json
@@ -1,4 +1,16 @@
 {
- "userland-proxy": false,
- "icc": false
+ "default-ulimits": {
+ "nofile": {
+ "Hard": 8192,
+ "Name": "nofile",
+ "Soft": 4096
+ }, "nproc": {
+ "Hard": 4096,
+ "Name": "nproc",
+ "Soft": 2048
+ }
+ },
+ "icc": false,
+ "no-new-privileges": false,
+ "userland-proxy": false
 }
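Review bot: None of the thirteen watches carries a `-p` permission filter, so each defaults to `rwxa`; on `/var/lib/docker` (image layers and every container's writable layer) and `/run/containerd` that means every read under the busiest trees on the host becomes an audit record, which on a loaded node can exhaust the audit backlog and drop events from the rest of the rule set. Unless read auditing of those trees is wanted, narrow them to writes and attribute changes, e.g. `-w /var/lib/docker -p wa -k docker` and `-w /run/containerd -p wa -k docker`, and keep the default on the binaries and unit files where execute/read tracking is the point. `-w /etc/docker/daemon.json -k docker` is already covered by the directory watch on `/etc/docker` one line above and can be dropped. The daemon's own API socket is absent from the list although access to it is root-equivalent on the host; a watch such as `-w /run/docker.sock -k docker` (or `/var/run/docker.sock`, depending on the distribution) belongs next to the `/run/containerd` entry. Be aware that `auditctl` may refuse a `-w` on a path that does not exist at load time, so a host without the legacy `/usr/bin/containerd-shim` or without `/etc/default/docker` could fail to load this file unless rule loading is configured to continue past errors — worth a comment at the top of the file.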
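Review bot: `"no-new-privileges": false` on the new side is the daemon's default spelled out explicitly, so the hardening this key exists for is not applied: a process in any container can still gain privileges via setuid binaries or file capabilities baked into the image. Unless a specific image is known to depend on that, this should read `"no-new-privileges": true` (it sets PR_SET_NO_NEW_PRIVS on every container process), with `--security-opt no-new-privileges=false` granted per container for the exceptions. The `nproc` default-ulimit deserves a note in the accompanying documentation, because to my understanding RLIMIT_NPROC is enforced by the kernel per uid rather than per container, so a 2048/4096 limit is shared by every container (and host process) running as the same uid and one container can starve another. Finally, `}, "nproc": {` packs the end of one property and the start of the next onto a single line; split it into `},` and `"nproc": {` so the file keeps one property per line like the rest of the object.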