Add binary release installation to README

ad-freiburg · May 24, 2018 · 3b87c5e · 3b87c5e
1 parent 970e6d7
commit 3b87c5e
Showing 1 changed file with 19 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -3,22 +3,25 @@ No Trivial Root for Docker
 
 **WARNING THIS IS VERY EXPERIMENTAL WITH NO CLAIM OF ACTUAL SECURITY**
 
-This is a very minimal [docker authorization plugin](https://docs.docker.com/engine/extend/plugins_authorization/) 
+This is a very minimal [docker authorization plugin](https://docs.docker.com/engine/extend/plugins_authorization/)
 designed to prevent trivial root escalation on docker already **running with user namespaces**.
 
 To be absolutely clear *without user namespaces this plugin is useless*
 
-One example of such a trivial way of gaining root would be 
+One example of such a trivial way of gaining root would be
 
     docker run --userns=host --rm -it -v /:/root/ busybox
 
-Building
---------
+Build/Download
+--------------
 Make sure you have a Go environment [set up](https://golang.org/doc/install)
 then do
 
     go get github.com/ad-freiburg/docker-no-trivial-root
 
+Alternatively you can download binary releases
+[here](https://github.com/ad-freiburg/docker-no-trivial-root/releases)
+
 Setup
 -----
 Again **make sure** you have [user namespaces enabled](https://docs.docker.com/engine/security/userns-remap/)
@@ -28,16 +31,26 @@ Create a startup unit for your init system of choice and make sure
 
 For systemd (most distributions) this can be done with the following steps
 
+    # For a build from source
     sudo cp $GOPATH/bin/docker-no-trivial-root /usr/sbin
     sudo cp $GOPATH/src/github.com/ad-freiburg/docker-no-trivial-root/systemd/docker-no-trivial-root.service /lib/systemd/system/
+
+    # Or for a binary release
+    cd /tmp # necessary if your $HOME is not readable with sudo (because of NFS)
+    wget https://github.com/ad-freiburg/docker-no-trivial-root/releases/download/v0.1.0/docker-no-trivial-root_$(uname -m).tar.bz2
+    tar -xavf docker-no-trivial-root_$(uname -m).tar.bz2
+    cd docker-no-trivial-root_$(uname -m)/
+    sudo cp docker-no-trivial-root /usr/sbin/docker-no-trivial-root
+    sudo cp systemd/docker-no-trivial-root.service /lib/systemd/system/
+
     sudo systemctl enable docker-no-trivial-root.service
     sudo systemctl start docker-no-trivial-root.service
 
 **Enable** the plugin by adding `--authorization-plugin=no-trivial-root` to
-your dockerd command line.  On Ubuntu this an `ExecStart` in
+your dockerd command line.  On Ubuntu this is an `ExecStart` in
 `/lib/systemd/system/docker.service`
 
-    sudo systemctl edit --full docker.service 
+    sudo systemctl edit --full docker.service
     sudo systemctl daemon-reload
     sudo systemctl restart docker.service