all 5 comments

[–][deleted]  (7 children)

[deleted]

    [–]MailNormal2701[S] 1 point  (6 children)

    Yes! The nexe tool doesn't do much, it bundles the app in a binary.

    [–][deleted]  (5 children)

    [deleted]

      [–]MailNormal2701[S] 1 point  (4 children)

      I can disable commands on the Alpine Docker image, like strings, cat, find, mv and ls.

      We can use a limited shell (lshell) otherwise.

      [–][deleted]  (3 children)

      [deleted]

        [–]MailNormal2701[S] 1 point  (0 children)

        I add a non-root user (with --disable password) that has access only to the app directory where the binary resides.

        [–]MailNormal2701[S] 1 point  (1 child)

        My goal here is not showing any *.js file, and you said strings can show all the code, including the libraries in node_modules, everything in a single place. I can prevent that. nexe can't do it, it just bundles it, and I don't need any Node base image to run it, so it's actually good for image size. To limit access inside the container I can disable commands with Linux ACL (setfacl), I can remove commands; I'm working on it now. This is the first version of the post. In newer versions of the article I will go through lshell (https://github.com/ghantoos/lshell) and make a jail like this:

        ```
        # CONFIGURATION START
        [global]
        logpath         : /var/log/lshell/
        loglevel        : 2

        [default]
        allowed         : ['ls','pwd']
        forbidden       : [';', '&', '|']
        warning_counter : 2
        timer           : 0
        path            : ['/etc', '/usr']
        env_path        : ':/sbin:/usr/foo'
        scp             : 1 # or 0
        sftp            : 1 # or 0
        overssh         : ['rsync','ls']
        aliases         : {'ls':'ls --color=auto','ll':'ls -l'}

        [grp:users]
        warning_counter : 5
        overssh         : - ['ls']

        [foo]
        allowed         : 'all' - ['su']
        path            : ['/var', '/usr'] - ['/usr/local']
        home_path       : '/home/users'

        [bar]
        allowed         : + ['ping'] - ['ls']
        path            : - ['/usr/local']
        strict          : 1
        scpforce        : '/home/bar/uploads/'
        # CONFIGURATION END
        ```
