docker-compose.yml
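# EMBA firmware-analysis stack: two containers started from the same image.
#   emba       - privileged, with the host /dev bind-mounted
#   emba_quest - unprivileged, attached to the host network
#
# FIRMWARE, LOG and EMBA must be set in the calling environment. Every
# bind-mount source uses ${VAR:?msg} so that Compose aborts when the variable
# is unset or empty. With a plain ${VAR}, Compose substitutes an empty string
# and "${LOG}/:/logs" becomes "/:/logs", i.e. the host root mounted writable
# into a privileged container.
services:
  # nosemgrep
  emba:
    # A tag is mutable; pin by digest for a reproducible pull, e.g.
    # embeddedanalyzer/emba@sha256:<digest-placeholder>
    image: embeddedanalyzer/emba:1.5.1a
    container_name: emba
    # Root filesystem is read-only; writable paths are the tmpfs entries and
    # the bind mounts below.
    read_only: true
    # all pre-checker mount modules need privileged mode
    # nosemgrep
    # privileged + the /dev bind mount below give root in this container
    # access to host devices; treat the container as part of the host's trust
    # boundary and run it on a dedicated analysis machine or VM.
    privileged: true
    # /root/.config is needed for binwalk - further recovery for other tools needed
    # /root/.config is needed for cwe_checker
    # /root/.local is needed for cwe_checker
    tmpfs:
      # exec on /tmp is needed for capa -> Todo: find better solution
      - /tmp:exec
      - /root/.config/
      - /root/.local/share/composer/
      - /root/.local/share/cwe_checker/
      # - /root/.local/share
      - /root/.cache/
      - /root/.semgrep/
      - /root/.ghidra/
      - /root/.msf4
      - /root/.john
      - /root/.gnupg
      - /run/lock
      - /var/run
      - /var/tmp
      - /var/lock
    build: .
    # /dev is needed for the system emulator (L10)
    volumes:
      # Firmware under test is untrusted input: mounted read-only.
      - '${FIRMWARE:?FIRMWARE is not set}/:/firmware:ro'
      # The only writable host directory in this service besides /dev.
      - '${LOG:?LOG is not set}/:/logs'
      - '${EMBA:?EMBA is not set}/:/emba:ro'
      - '${EMBA:?EMBA is not set}/external/linux_kernel_sources/:/external/linux_kernel_sources:ro'
      - '${EMBA:?EMBA is not set}/external/nvd-json-data-feeds/:/external/nvd-json-data-feeds:ro'
      - '/etc/localtime:/etc/localtime:ro'
      - '/dev:/dev'
    environment:
      # Bare name: the value is passed through from the calling environment.
      - USER
      - CONTAINER_NUMBER=1
    # network_mode: host
    devices:
      - /dev/fuse:/dev/fuse:rwm
    # NOTE(review): redundant while privileged is true, which already grants
    # every capability. It only takes effect if privileged is dropped.
    cap_add:
      - SYS_ADMIN
    # Core dumps disabled (hard and soft limit 0).
    ulimits:
      core:
        hard: 0
        soft: 0

  emba_quest:
    # Same image as the emba service; keep both references in sync.
    image: embeddedanalyzer/emba:1.5.1a
    container_name: emba_quest
    read_only: true
    tmpfs:
      - /tmp
      - /root
      - /run/lock
      - /var/run
      - /var/tmp
      - /var/lock
    volumes:
      - '${FIRMWARE:?FIRMWARE is not set}/:/firmware:ro'
      - '${LOG:?LOG is not set}/:/logs'
      - '${EMBA:?EMBA is not set}/:/emba:ro'
      # Writable here (no :ro), unlike the same path in the emba service.
      # NOTE(review): presumably so this container can populate the kernel
      # sources - confirm against the caller, and add :ro if it is not needed.
      - '${EMBA:?EMBA is not set}/external/linux_kernel_sources/:/external/linux_kernel_sources'
      - '${EMBA:?EMBA is not set}/external/nvd-json-data-feeds/:/external/nvd-json-data-feeds:ro'
      - '/etc/localtime:/etc/localtime:ro'
    environment:
      - USER
      - CONTAINER_NUMBER=2
    # Shares the host network namespace: no per-container network isolation,
    # and services bound to the host's loopback are reachable from here.
    network_mode: host
    ulimits:
      core:
        hard: 0
        soft: 0
    # Processes cannot gain privileges through setuid/setgid binaries.
    security_opt:
      - no-new-privileges:true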