summaryrefslogtreecommitdiff
path: root/README.md
diff options
context:
space:
mode:
authorMatthew Heon <mheon@redhat.com>2020-07-13 16:22:24 -0400
committerMatthew Heon <mheon@redhat.com>2020-07-13 16:35:04 -0400
commit237fe441b373ea129ca45421056fca4532112851 (patch)
tree34d1081febb9b57f69d907a5131b8411eff27331 /README.md
parentd86acf2caea68d1dbf349c54d0532b3ce92dcb85 (diff)
downloadpodman-237fe441b373ea129ca45421056fca4532112851.tar.gz
podman-237fe441b373ea129ca45421056fca4532112851.tar.bz2
podman-237fe441b373ea129ca45421056fca4532112851.zip
Remove outdated seccomp policy
Some time ago, we moved the Seccomp policy (and related setup code) to a place where all our tools could share it [1]. We did not, however, remove the in-repo seccomp.json file. Over the last year or so, the in-repo seccomp policy has become progressively more and more outdated, with no effort made to maintain it (because what sense is there in keeping a duplicate?). Today, a friend came to me and asked if a Podman container could access keyctl, assuming it could not because he was reading the outdated Seccomp policy which does not allow it. Since it's becoming clear that this file is doing no good and actively causing confusion, let's just drop it. [1] https://github.com/seccomp/containers-golang Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'README.md')
-rw-r--r--README.md11
1 files changed, 6 insertions, 5 deletions
diff --git a/README.md b/README.md
index 619c9c0ec..82e2d3af9 100644
--- a/README.md
+++ b/README.md
@@ -89,12 +89,13 @@ A little configuration by an administrator is required before rootless Podman ca
## OCI Projects Plans
The plan is to use OCI projects and best of breed libraries for different aspects:
-- Runtime: [runc](https://github.com/opencontainers/runc) (or any OCI compliant runtime) and [OCI runtime tools](https://github.com/opencontainers/runtime-tools) to generate the spec
-- Images: Image management using [containers/image](https://github.com/containers/image)
-- Storage: Container and image storage is managed by [containers/storage](https://github.com/containers/storage)
-- Networking: Networking support through use of [CNI](https://github.com/containernetworking/cni)
+- Runtime: We use the [OCI runtime tools](https://github.com/opencontainers/runtime-tools) to generate OCI runtime configurations that can be used with any OCI-compliant runtime, like [crun](https://github.com/containers/crun/) and [runc](https://github.com/opencontainers/runc/).
+- Images: Image management uses the [containers/image](https://github.com/containers/image) library.
+- Storage: Container and image storage is managed by [containers/storage](https://github.com/containers/storage).
+- Networking: Networking support through use of [CNI](https://github.com/containernetworking/cni).
- Builds: Builds are supported via [Buildah](https://github.com/containers/buildah).
-- Conmon: [Conmon](https://github.com/containers/conmon) is a tool for monitoring OCI runtimes.
+- Conmon: [Conmon](https://github.com/containers/conmon) is a tool for monitoring OCI runtimes, used by both Podman and CRI-O.
+- Seccomp: A unified [Seccomp](https://github.com/seccomp/containers-golang) policy for Podman, Buildah, and CRI-O.
## Podman Information for Developers