Restricted Whitelist

Computes requires a whitelist to authorize execution of Docker images and non-container binaries. The security policy of the computes-daemon is default deny: anything not listed in the whitelist is not allowed to run.

Example Restricted Whitelist

Security Warning

This is only an example. Proceed with caution when whitelisting any native binary or Docker image.

1. Create the manifest

{
  "*": {
    "image": "computes/fibonacci-sum-split:latest"
  }
}

2. Add the manifest to IPFS

cat manifest.json | ipfs dag put
> zdpuArJcUhve8GiwWQM5nhAKfzc3LPztg1EsoYxbpufAzo4Dr

3. Reference the manifest in your whitelist

When you reference this manifest in your whitelist, only the Docker image computes/fibonacci-sum-split:latest is allowed to run.

{
  "runners": {
    "docker-json-runner": {
      "manifests": [
        { "/": "zdpuArJcUhve8GiwWQM5nhAKfzc3LPztg1EsoYxbpufAzo4Dr" }
      ]
    }
  }
}
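
Added example, not part of the Computes documentation: the IPFS hash fixes the manifest text, but the image inside it is named by the tag latest, which a registry can repoint to different content. The sketch below walks a whitelist and its already-fetched manifests and reports image references that are not pinned by sha256 digest. The function names, the pre-fetched manifests mapping and the assumption that manifest entries have the shape shown above are mine; whether the docker-json-runner accepts digest references is not stated on this page.

```python
import re

# Constructed sample data mirroring the manifest and whitelist on this page.
CID = "zdpuArJcUhve8GiwWQM5nhAKfzc3LPztg1EsoYxbpufAzo4Dr"
MANIFESTS = {CID: {"*": {"image": "computes/fibonacci-sum-split:latest"}}}
WHITELIST = {"runners": {"docker-json-runner": {"manifests": [{"/": CID}]}}}

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def tag_of(image):
    """Return the tag of an image reference; Docker assumes 'latest' if none."""
    last = image.split("@", 1)[0].rsplit("/", 1)[-1]
    return last.split(":", 1)[1] if ":" in last else "latest"


def audit(whitelist, manifests):
    """List (runner, cid, key, image, reason) for entries that can drift.

    `manifests` maps CID -> manifest body, fetched beforehand
    (for example with `ipfs dag get <cid>`). Entries without an
    "image" field are outside this check and are skipped.
    """
    findings = []
    for runner, cfg in whitelist.get("runners", {}).items():
        for link in cfg.get("manifests", []):
            cid = link.get("/")
            manifest = manifests.get(cid)
            if manifest is None:
                # The whitelist names a manifest we could not inspect.
                findings.append((runner, cid, None, None, "manifest not resolved"))
                continue
            for key, entry in manifest.items():
                image = entry.get("image") if isinstance(entry, dict) else None
                if image and not DIGEST.search(image):
                    reason = "tag '%s' is mutable, not a digest" % tag_of(image)
                    findings.append((runner, cid, key, image, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(WHITELIST, MANIFESTS):
        print(finding)
```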