2024-12-27 19:16:39 +00:00
|
|
|
---
|
|
|
|
|
x-default-settings:
|
|
|
|
|
environment: &default-environment
|
|
|
|
|
ENROLL_SECRET: "${ENROLL_SECRET:?ENROLL_SECRET must be set for server authentication}"
|
2026-04-29 18:37:27 +00:00
|
|
|
platform: &default-platform linux/amd64
|
|
|
|
|
cap_add: &default-caps
|
|
|
|
|
- SYS_PTRACE
|
2024-12-27 19:16:39 +00:00
|
|
|
|
|
|
|
|
#
|
2026-04-29 18:37:27 +00:00
|
|
|
# SYS_PTRACE is granted so osquery can read /proc/<pid>/io for processes it
|
|
|
|
|
# doesn't own (otherwise: `[... processes.cpp:510] Cannot read /proc/50/io`).
|
|
|
|
|
# We avoid `privileged: true` because running multiple privileged services
|
|
|
|
|
# at once breaks Docker Desktop for Mac.
|
2024-12-27 19:16:39 +00:00
|
|
|
#
|
|
|
|
|
|
|
|
|
|
services:
|
|
|
|
|
ubuntu24.04-fleetd:
|
|
|
|
|
image: "fleetd-ubuntu-24.04"
|
|
|
|
|
platform: *default-platform
|
|
|
|
|
environment: *default-environment
|
2026-04-29 18:37:27 +00:00
|
|
|
cap_add: *default-caps
|
|
|
|
|
restart: on-failure
|
|
|
|
|
fedora43-fleetd:
|
|
|
|
|
image: "fleetd-fedora-43"
|
2024-12-27 19:16:39 +00:00
|
|
|
platform: *default-platform
|
|
|
|
|
environment: *default-environment
|
2026-04-29 18:37:27 +00:00
|
|
|
cap_add: *default-caps
|
|
|
|
|
restart: on-failure
|
|
|
|
|
debian13.4-fleetd:
|
|
|
|
|
image: "fleetd-debian-13.4"
|
2024-12-27 19:16:39 +00:00
|
|
|
platform: *default-platform
|
|
|
|
|
environment: *default-environment
|
2026-04-29 18:37:27 +00:00
|
|
|
cap_add: *default-caps
|
|
|
|
|
restart: on-failure
|
