Points to a script file (typically a Bash script) to be run during customization.
Scripts are run with a limited set of capabilities. Specifically:

- CAP_CHOWN
- CAP_DAC_OVERRIDE
- CAP_DAC_READ_SEARCH
- CAP_FOWNER
- CAP_SETFCAP

Restricting the set of capabilities helps prevent scripts from accidentally affecting the host kernel.
WARNING: Custom scripts are not considered to be a security boundary. Only use config files that you trust (or run the image customizer in a security sandbox).
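
As an added example (not part of the tool's documentation), the script below compares a capability mask, as reported in `/proc/self/status`, with the five capabilities listed above; it can be run on its own or pasted into a `content` script. The function names, and the assumption that the restriction is visible in the script's effective set (`CapEff`), belong to this example.

```shell
#!/bin/sh
# Added example (not from the tool's documentation): compare a capability
# mask with the five capabilities listed for customization scripts.

# Bit numbers from <linux/capability.h>: CAP_CHOWN=0, CAP_DAC_OVERRIDE=1,
# CAP_DAC_READ_SEARCH=2, CAP_FOWNER=3, CAP_SETFCAP=31.
ALLOWED_BITS="0 1 2 3 31"

# allowed_mask: print the documented set as a decimal bitmask.
allowed_mask() {
    mask=0
    for bit in $ALLOWED_BITS; do
        mask=$(( mask | (1 << bit) ))
    done
    echo "$mask"
}

# extra_caps HEX: print the bit numbers set in HEX (as found in
# /proc/<pid>/status, no 0x prefix) that are outside the documented set.
extra_caps() {
    extra=$(( 0x$1 & ~$(allowed_mask) ))
    out=""
    bit=0
    while [ "$bit" -lt 63 ]; do
        if [ $(( (extra >> bit) & 1 )) -eq 1 ]; then
            out="${out:+$out }$bit"
        fi
        bit=$(( bit + 1 ))
    done
    echo "$out"
}

# current_mask FIELD: print FIELD (CapEff, CapBnd, ...) of this shell,
# read without spawning another process; prints 0 if the field is absent.
current_mask() {
    found=0
    while read -r key value; do
        if [ "$key" = "$1:" ]; then found=$value; fi
    done < /proc/self/status
    echo "$found"
}

# Assumption: the restriction is visible in the script's effective set.
if [ -r /proc/self/status ]; then
    unexpected=$(extra_caps "$(current_mask CapEff)")
    echo "unexpected capability bits: ${unexpected:-none}"
fi
```

A mask of `000000008000000f` corresponds exactly to the five listed capabilities; any bit number the script prints is a capability beyond that set.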
The path of the script.
The script must be in the same directory as the config file or in one of its sub-directories.
Only one of `path` or `content` may be specified.

Example:

```yaml
scripts:
  postCustomization:
  - path: scripts/a.sh
```

The contents of the script to run.
The script is written to a temporary file under the customized OS's `/tmp` directory.
Only one of `path` or `content` may be specified.

Example:

```yaml
scripts:
  postCustomization:
  - content: |
      echo "Hello, World"
```

The program to run the script with.
If not specified, then the script is run by `/bin/sh`.

Example:

```yaml
scripts:
  postCustomization:
  - content: |
      print("Hello, World")
    interpreter: python3
```

Additional arguments to pass to the script.
Example:

```yaml
scripts:
  postCustomization:
  - path: scripts/a.sh
    arguments:
    - abc
```

Additional environment variables to set on the program.
Example:

```yaml
scripts:
  postCustomization:
  - content: |
      echo "$a $b"
    environmentVariables:
      a: hello
      b: world
```

The name of the script.
This field is only used to refer to the script in the logs.
It is particularly useful when `content` is used.

Example:

```yaml
scripts:
  postCustomization:
  - content: |
      echo "Hello, World"
    name: greetings
```