dante_beacon/dep/dante_package/dante_data/capability/config.json


{
"ociVersion": "1.0.1",
"process": {
"terminal": false,
"user": {
"uid": 0,
"gid": 0
},
"args": [
"./dep_manager",
"/dante_data/capability/dante.json"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/dante",
"TERM=xterm"
],
"cwd": "/dante",
"capabilities": {
"bounding": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID",
"CAP_FOWNER",
"CAP_MKNOD",
"CAP_NET_RAW",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETFCAP",
"CAP_SETPCAP",
"CAP_NET_BIND_SERVICE",
"CAP_SYS_CHROOT",
"CAP_KILL",
"CAP_SYS_NICE",
"CAP_AUDIT_WRITE",
"CAP_NET_ADMIN"
],
"effective": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID",
"CAP_FOWNER",
"CAP_MKNOD",
"CAP_NET_RAW",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETFCAP",
"CAP_SETPCAP",
"CAP_NET_BIND_SERVICE",
"CAP_SYS_CHROOT",
"CAP_KILL",
"CAP_SYS_NICE",
"CAP_AUDIT_WRITE",
"CAP_NET_ADMIN"
],
"inheritable": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID",
"CAP_FOWNER",
"CAP_MKNOD",
"CAP_NET_RAW",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETFCAP",
"CAP_SETPCAP",
"CAP_NET_BIND_SERVICE",
"CAP_SYS_CHROOT",
"CAP_KILL",
"CAP_SYS_NICE",
"CAP_AUDIT_WRITE",
"CAP_NET_ADMIN"
],
"permitted": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID",
"CAP_FOWNER",
"CAP_MKNOD",
"CAP_NET_RAW",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETFCAP",
"CAP_SETPCAP",
"CAP_NET_BIND_SERVICE",
"CAP_SYS_CHROOT",
"CAP_KILL",
"CAP_SYS_NICE",
"CAP_AUDIT_WRITE",
"CAP_NET_ADMIN"
],
"ambient": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID",
"CAP_FOWNER",
"CAP_MKNOD",
"CAP_NET_RAW",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETFCAP",
"CAP_SETPCAP",
"CAP_NET_BIND_SERVICE",
"CAP_SYS_CHROOT",
"CAP_KILL",
"CAP_SYS_NICE",
"CAP_AUDIT_WRITE",
"CAP_NET_ADMIN"
]
},
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 1024,
"soft": 1024
}
],
"noNewPrivileges": true
},
"root": {
"path": "rootfs",
"readonly": false
},
"hostname": "",
"mounts": [
{
"destination": "/proc",
"type": "proc",
"source": "proc"
},
{
"destination": "/var/run",
"type": "tmpfs",
"source": "tmpfs",
"options": ["nosuid", "strictatime", "mode=755", "size=65536k"]
},
{
"destination": "/var/run/dante",
"type": "bind",
"source": "/var/run/dante",
"options": ["bind", "rw"]
},
{
"destination": "/var/lib/dbus/machine-id",
"type": "bind",
"source": "/var/lib/dbus/machine-id",
"options": ["ro", "rbind", "rprivate", "nosuid", "noexec", "nodev"]
},
{
"destination": "/dev",
"type": "tmpfs",
"source": "tmpfs",
"options": ["nosuid", "strictatime", "mode=755", "size=65536k"]
},
{
"destination": "/dev/pts",
"type": "devpts",
"source": "devpts",
"options": ["nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"]
},
{
"destination": "/dev/shm",
"type": "bind",
"source": "/dev/shm",
"options": ["bind", "rw"]
},
{
"destination": "/dev/snd",
"type": "bind",
"source": "/dev/snd",
"options": ["bind", "rw"]
},
{
"destination": "/tmp",
"type": "tmpfs",
"source": "tmpfs",
"options": ["nosuid", "strictatime", "mode=755", "size=65536k"]
},
{
"destination": "/var/log",
"type": "bind",
"source": "/var/log",
"options": ["bind", "rw"]
},
{
"destination": "/etc/machine-id",
"type": "bind",
"source": "/etc/machine-id",
"options": ["ro", "rbind", "rprivate", "nosuid", "noexec", "nodev"]
},
{
"destination": "/etc/resolv.conf",
"type": "bind",
"source": "/etc/resolv.conf",
"options": ["ro", "rbind", "rprivate", "nosuid", "noexec", "nodev"]
},
{
"destination": "/dante_data",
"type": "bind",
"source": "/home/caster/dante_beacon/dep/dante_package/dante_data",
"options": ["bind", "rw"]
},
{
"destination": "/dante_data/capability",
"type": "bind",
"source": "/home/caster/dante_beacon/dep/dante_package/dante_data/capability",
"options": ["bind", "ro"]
},
{
"destination": "/sys",
"type": "sysfs",
"source": "sysfs",
"options": ["nosuid", "noexec", "nodev", "ro"]
},
{
"destination": "/sys/fs/cgroup",
"type": "cgroup2",
"source": "cgroup2",
"options": ["nosuid", "noexec", "nodev", "relatime", "ro"]
},
{
"destination": "/usr/share/alsa/alsa.conf",
"type": "bind",
"source": "/usr/share/alsa/alsa.conf",
"options": ["bind", "ro"]
}
],
"linux": {
"cgroupsPath": "dante",
"namespaces": [
{ "type": "pid" },
{ "type": "ipc" },
{ "type": "mount" },
{ "type": "uts" },
{ "type": "cgroup" }
],
"devices": [
{
"path": "/dev/ptp0",
"type": "c",
"major": 249,
"minor": 0,
"fileMode": 384,
"uid": 0,
"gid": 0
},
{
"path": "/dev/snd/pcmC3D0p",
"type": "c",
"major": 116,
"minor": 8,
"fileMode": 432,
"uid": 0,
"gid": 29
},
{
"path": "/dev/snd/pcmC3D0c",
"type": "c",
"major": 116,
"minor": 9,
"fileMode": 432,
"uid": 0,
"gid": 29
},
{
"path": "/dev/snd/pcmC3D1p",
"type": "c",
"major": 116,
"minor": 10,
"fileMode": 432,
"uid": 0,
"gid": 29
},
{
"path": "/dev/snd/pcmC3D1c",
"type": "c",
"major": 116,
"minor": 11,
"fileMode": 432,
"uid": 0,
"gid": 29
},
{
"path": "/dev/snd/controlC3",
"type": "c",
"major": 116,
"minor": 12,
"fileMode": 432,
"uid": 0,
"gid": 29
}
],
"maskedPaths": [
"/proc/kcore",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi"
],
"readonlyPaths": [
"/proc/asound",
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
],
"resources":{
"devices":[
{
"allow": true,
"type": "c",
"major": 116,
"access": "rw"
}
]
}
}
}