diff options
author | Matthew Heon <mheon@redhat.com> | 2020-07-13 16:22:24 -0400 |
---|---|---|
committer | Matthew Heon <mheon@redhat.com> | 2020-07-13 16:35:04 -0400 |
commit | 237fe441b373ea129ca45421056fca4532112851 (patch) | |
tree | 34d1081febb9b57f69d907a5131b8411eff27331 /Makefile | |
parent | d86acf2caea68d1dbf349c54d0532b3ce92dcb85 (diff) | |
download | podman-237fe441b373ea129ca45421056fca4532112851.tar.gz podman-237fe441b373ea129ca45421056fca4532112851.tar.bz2 podman-237fe441b373ea129ca45421056fca4532112851.zip |
Remove outdated seccomp policy
Some time ago, we moved the Seccomp policy (and related setup
code) to a place where all our tools could share it [1]. We did
not, however, remove the in-repo seccomp.json file. Over the last
year or so, the in-repo seccomp policy has become progressively
more and more outdated, with no effort made to maintain it
(because what sense is there in keeping a duplicate?). Today, a
friend came to me and asked if a Podman container could access
keyctl, assuming it could not because he was reading the outdated
Seccomp policy which does not allow it. Since it's becoming clear
that this file is doing no good and actively causing confusion,
let's just drop it.
[1] https://github.com/seccomp/containers-golang
Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'Makefile')
-rw-r--r-- | Makefile | 8 |
1 files changed, 1 insertions, 7 deletions
@@ -443,7 +443,7 @@ swagger-check: .PHONY: codespell codespell: - codespell -S bin,vendor,.git,go.sum,changelog.txt,seccomp.json,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,bin2img,*ico,*.png,*.1,*.5,copyimg,*.orig,apidoc.go" -L uint,iff,od,seeked,splitted,marge,ERRO,hist -w + codespell -S bin,vendor,.git,go.sum,changelog.txt,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,bin2img,*ico,*.png,*.1,*.5,copyimg,*.orig,apidoc.go" -L uint,iff,od,seeked,splitted,marge,ERRO,hist -w # When publishing releases include critical build-time details .PHONY: release.txt @@ -540,12 +540,6 @@ install.man-nobuild: .PHONY: install.man install.man: docs install.man-nobuild -.PHONY: install.seccomp -install.seccomp: - # TODO: we should really be using the upstream one from github.com/seccomp - install ${SELINUXOPT} -d -m 755 $(DESTDIR)$(SHAREDIR_CONTAINERS) - install ${SELINUXOPT} -m 644 seccomp.json $(DESTDIR)$(SHAREDIR_CONTAINERS)/seccomp.json - .PHONY: install.completions install.completions: install ${SELINUXOPT} -d -m 755 ${DESTDIR}${BASHINSTALLDIR} |