Nothing too shabby, but still. To run it you need docker, and after that just type
docker run -it --rm --log-driver none --read-only --net none --cap-drop=ALL --security-opt=no-new-privileges defnotgustavom/pixfire4
…and you will be greeted with a little, small, very pixelated bonfire.
“Why docker and not just a simple command?”
Mostly because of those two flags: --read-only
and --net none
. Can’t get better than this. :^)
This also came up while in a self-learning process, but I don’t want to “flex” it here.
What is the original size of the program before docker?
edit: Also the docker sandbox is not perfect for running unsafe programs. You could still have programs slow down your entire system by taking as many resources as possible. eg. forkbombs.
Doesn’t docker have a flag for limiting system usage? Like max mem, cores/threads etc? I swear I remember using something like this before.
Linux has ulimit so I assume docker does aswell