2022-09-23 11:57:30 +02:00
2 changed files with 27 additions and 2 deletions
--- a/auditd/etc/audit/rules.d/docker.rules
+++ b/auditd/etc/audit/rules.d/docker.rules
@ -0,0 +1,13 @@
+-w /etc/docker -k docker
+-w /etc/default/docker -k docker
+-w /etc/docker/daemon.json -k docker
+-w /etc/containerd/config.toml -k docker
+-w /lib/systemd/system/docker.service -k docker
+-w /lib/systemd/system/docker.socket -k docker
+-w /run/containerd -k docker
+-w /usr/bin/containerd -k docker
+-w /usr/bin/containerd-shim -k docker
+-w /usr/bin/containerd-shim-runc-v1 -k docker
+-w /usr/bin/containerd-shim-runc-v2 -k docker
+-w /usr/bin/runc -k docker
+-w /var/lib/docker -k docker
--- a/docker/etc/docker/daemon.json
+++ b/docker/etc/docker/daemon.json
@ -1,4 +1,16 @@
 {
-    "userland-proxy": false,
-    "icc": false
+    "default-ulimits": {
+        "nofile": {
+            "Hard": 8192,
+            "Name": "nofile",
+            "Soft": 4096
+        }, "nproc": {
+            "Hard": 4096,
+            "Name": "nproc",
+            "Soft": 2048
+        }
+    },
+    "icc": false,
+    "no-new-privileges": false,
+    "userland-proxy": false
 }