FROM debian:trixie-slim
WORKDIR /app/
COPY --chown=root:root --chmod=400 ./src/flag.txt        /flag.txt
COPY --chown=root:root --chmod=555 ./src/wrapper.sh      ./
COPY --chown=root:root --chmod=555 ./bin/boring          ./
COPY --chown=root:root --chmod=555 ./bin/libsandbox.so   ./
COPY --chown=root:root --chmod=555 ./bin/getflag         /getflag
COPY --chown=root:root --chmod=555 ./bin/libc-2.41.so    /lib/x86_64-linux-gnu/libc.so.6
COPY --chown=root:root --chmod=555 ./bin/libcbor.so.0.10 /lib/x86_64-linux-gnu/libcbor.so.0.10
COPY --chown=root:root --chmod=555 ./bin/ld-2.41.so      /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
RUN apt-get update                              && \
    apt-get install -qy --no-install-recommends    \
        socat=1.8.*                                \
        libseccomp-dev=2.*                         \
        libcbor-dev=0.*                         && \
    apt-get clean                               && \
    rm -rf /var/lib/apt/lists/                  && \
    useradd ctf                                 && \
    chmod +s /getflag
EXPOSE 4000
USER ctf
CMD ["socat", "tcp-listen:4000,reuseaddr,fork", "exec:'/usr/bin/timeout -k 121 120 /app/wrapper.sh'"]
