hoosegow 1.2.0 → 1.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/hoosegow.gemspec +1 -1
- data/script/bootstrap +2 -0
- data/script/cibuild +2 -0
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8a743e7ec41c3707de2a2e28ac52496e05453c70
|
|
4
|
+
data.tar.gz: b69f9d254a0c2fe8f3639cdeaadaf2957632e1af
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 51cca6f9ed8ab60e905c3f601541eefa119425fd4a24e969c3f0426daa34d87d31aa9b1adf02a76bf03e58c7f832beb17309438dcac7e0b249d776fbbc338d68
|
|
7
|
+
data.tar.gz: 6a424b86b4fbf080eb87056a9a85d5266bc6071d044bac12751557ece029d9f7ae712a98b60db1f87abea488fb240f36799d6b3352b46723074aff88d27b0618
|
data/README.md
CHANGED
|
@@ -8,7 +8,7 @@ Hoosegow runs both in your code and in a Docker container. When you call a metho
|
|
|
8
8
|
|
|
9
9
|
Hoosegow is intended to add a layer of security to projects that need to run code that is not fully trusted/audited. Because the untrusted code is running inside a Docker container, an attacker who manages to exploit a vulnerability in the code must also break out of the Docker container before gaining any access to the host system.
|
|
10
10
|
|
|
11
|
-
This means that Hoosegow is only as strong as Docker. Docker employs Kernel namespaces, capabilities, and cgroups to contain processes running inside a container. This is not true
|
|
11
|
+
This means that Hoosegow is only as strong as Docker. Docker employs Kernel namespaces, capabilities, and cgroups to contain processes running inside a container. This is not true virtualization though, and a process running as root inside the container *can* compromise the host system. Any privilege escalation bugs in the host Kernel could also be used to become root and compromise the host machine. Further hardening of the base Ubuntu image, along with tools like AppArmor or SE-Linux can improve the security posture of an application relying on Hoosegow/Docker.
|
|
12
12
|
|
|
13
13
|
The following are some useful resources regarding the security of Docker:
|
|
14
14
|
|
data/hoosegow.gemspec
CHANGED
|
@@ -2,7 +2,7 @@ require 'rake'
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.name = 'hoosegow'
|
|
5
|
-
s.version = '1.2.
|
|
5
|
+
s.version = '1.2.1'
|
|
6
6
|
s.summary = "A Docker jail for ruby code"
|
|
7
7
|
s.description = "Hoosegow provides an RPC layer on top of Docker containers so that you can isolate unsafe parts of your application."
|
|
8
8
|
s.authors = ["Ben Toews", "Matt Burke"]
|
data/script/bootstrap
ADDED
data/script/cibuild
ADDED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hoosegow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.2.
|
|
4
|
+
version: 1.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ben Toews
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2015-06-11 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rake
|
|
@@ -128,6 +128,8 @@ files:
|
|
|
128
128
|
- lib/hoosegow/exceptions.rb
|
|
129
129
|
- lib/hoosegow/image_bundle.rb
|
|
130
130
|
- lib/hoosegow/protocol.rb
|
|
131
|
+
- script/bootstrap
|
|
132
|
+
- script/cibuild
|
|
131
133
|
- script/proxy-integration-test
|
|
132
134
|
- spec/hoosegow_docker_spec.rb
|
|
133
135
|
- spec/hoosegow_spec.rb
|
|
@@ -152,7 +154,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
152
154
|
version: '0'
|
|
153
155
|
requirements: []
|
|
154
156
|
rubyforge_project:
|
|
155
|
-
rubygems_version: 2.2.
|
|
157
|
+
rubygems_version: 2.2.3
|
|
156
158
|
signing_key:
|
|
157
159
|
specification_version: 4
|
|
158
160
|
summary: A Docker jail for ruby code
|