search

28mm / blast-radius

Interactive visualizations of Terraform dependency graphs using d3.js
https://28mm.github.io/blast-radius-docs/
MIT License
2.04k stars 257 forks source link

Container without CAP_SYS_ADMIN #57

Closed abitrolly closed 5 years ago

abitrolly commented 5 years ago

I'd like to just see the picture of my config without installing too much libs on my system to avoid breaking things. But it doesn't work.

✗ terraform graph -draw-cycles | docker run -i 28mm/blast-radius
mount: /tmp/overlay: permission denied.
/src/docker-entrypoint.sh: line 14: cd: /workdir-rw: No such file or directory

I read that using CAP_SYS_ADMIN is a bad security practice. Is it possible to build container without it? Or make it optional.

https://www.slideshare.net/jpetazzo/linux-containers-lxc-docker-and-security/19-HoweverCAPSYSADMIN_is_a_big_can

abitrolly commented 5 years ago

I could run it.. )

✗ terraform graph -draw-cycles | podman run -i --entrypoint blast-radius 28mm/blast-radius --svg > something.svg