Initialize the repository, add files

Author: we3i

README.md

@@ -0,0 +1,15 @@
+# podman-pandoc
+
+A demonstration of container hardening process. Check the related article at hardenedlinux.org for the instructions.
+
+### Files included
+
+* `build/Dockerfile` - for building a simple pandoc container for the demonstration.
+* `demo/Makefile` - contains commands to create and apply customized Seccomp profile using [oci-seccomp-bpf-hook](https://github.com/containers/oci-seccomp-bpf-hook).
+* `default.seccomp.json` - the default Seccomp profile copied from `/usr/share/containers/seccomp.json` for reference.
+
+### Notes
+
+1. [Podman](https://podman.io/) is used in this demonstration as the container platform.
+2. `cd demo/; make help` to see how to use the commands.
+

build/Dockerfile

@@ -0,0 +1,16 @@
+FROM opensuse/tumbleweed
+MAINTAINER [email protected]
+
+ENV LANG="en_US.UTF-8" LC_CTYPE="en_US.UTF-8"
+
+RUN zypper --non-interactive update && \
+    zypper --non-interactive install --force-resolution \
+    pandoc && \
+    zypper clean -a && \
+    rm -rf /var/log/* /var/tmp/*
+
+RUN groupadd -g 1000 pan
+RUN useradd -m -u 1000 -g pan pan
+
+USER pan
+WORKDIR /home/pan/