Nothing too shabby, but still. To run it you need docker, and after that just type

docker run -it --rm --log-driver none --read-only --net none --cap-drop=ALL --security-opt=no-new-privileges defnotgustavom/pixfire4

…and you will be greeted with a little, small, very pixelated bonfire.

“Why docker and not just a simple command?”

Mostly because of those two flags: --read-only and --net none. Can’t get better than this. :^)

This also came up while in a self-learning process, but I don’t want to “flex” it here.

  • blotz@lemmy.world
    link
    fedilink
    arrow-up
    10
    ·
    edit-2
    1 year ago

    What is the original size of the program before docker?

    edit: Also the docker sandbox is not perfect for running unsafe programs. You could still have programs slow down your entire system by taking as many resources as possible. eg. forkbombs.

    • floridaman
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Doesn’t docker have a flag for limiting system usage? Like max mem, cores/threads etc? I swear I remember using something like this before.