This directory builds a docker image that safely executes Rserve. The Rserve instance is made available as /home/rserve/socket. To protect the container, we
- Run the container using
--net=none
to disable networking inside the container - Run
Rserve
as a non-priveleged user - Disable most binaries using
chmod
, except for those needed.
-
make image
- Creates
/home/rserve
- Updates
Dockerfile
- Creates the docker image
- Creates
-
make run
- Starts the Rserve container. This creates a Unix domain
socket
/home/rserve/socket
that allows for contacting the R server.
- Starts the Rserve container. This creates a Unix domain
socket
-
make shell
- Starts the container with a shell, so you can look around
Edit
Dockerfile.in
for adding additional packages to RRserve.sh
for setting limits for the Rserve processesRserve.conf
for configuring the Rserve process. Documentation is available from the Rserve wiki