diff options
| author | Matthew Heon <mheon@redhat.com> | 2020-07-13 16:22:24 -0400 |
|---|---|---|
| committer | Matthew Heon <mheon@redhat.com> | 2020-07-13 16:35:04 -0400 |
| commit | 237fe441b373ea129ca45421056fca4532112851 (patch) | |
| tree | 34d1081febb9b57f69d907a5131b8411eff27331 /README.md | |
| parent | d86acf2caea68d1dbf349c54d0532b3ce92dcb85 (diff) | |
| download | podman-237fe441b373ea129ca45421056fca4532112851.tar.gz podman-237fe441b373ea129ca45421056fca4532112851.tar.bz2 podman-237fe441b373ea129ca45421056fca4532112851.zip | |
Remove outdated seccomp policy
Some time ago, we moved the Seccomp policy (and related setup
code) to a place where all our tools could share it [1]. We did
not, however, remove the in-repo seccomp.json file. Over the last
year or so, the in-repo seccomp policy has become progressively
more and more outdated, with no effort made to maintain it
(because what sense is there in keeping a duplicate?). Today, a
friend came to me and asked if a Podman container could access
keyctl, assuming it could not because he was reading the outdated
Seccomp policy which does not allow it. Since it's becoming clear
that this file is doing no good and actively causing confusion,
let's just drop it.
[1] https://github.com/seccomp/containers-golang
Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 11 |
1 files changed, 6 insertions, 5 deletions
@@ -89,12 +89,13 @@ A little configuration by an administrator is required before rootless Podman ca ## OCI Projects Plans The plan is to use OCI projects and best of breed libraries for different aspects: -- Runtime: [runc](https://github.com/opencontainers/runc) (or any OCI compliant runtime) and [OCI runtime tools](https://github.com/opencontainers/runtime-tools) to generate the spec -- Images: Image management using [containers/image](https://github.com/containers/image) -- Storage: Container and image storage is managed by [containers/storage](https://github.com/containers/storage) -- Networking: Networking support through use of [CNI](https://github.com/containernetworking/cni) +- Runtime: We use the [OCI runtime tools](https://github.com/opencontainers/runtime-tools) to generate OCI runtime configurations that can be used with any OCI-compliant runtime, like [crun](https://github.com/containers/crun/) and [runc](https://github.com/opencontainers/runc/). +- Images: Image management uses the [containers/image](https://github.com/containers/image) library. +- Storage: Container and image storage is managed by [containers/storage](https://github.com/containers/storage). +- Networking: Networking support through use of [CNI](https://github.com/containernetworking/cni). - Builds: Builds are supported via [Buildah](https://github.com/containers/buildah). -- Conmon: [Conmon](https://github.com/containers/conmon) is a tool for monitoring OCI runtimes. +- Conmon: [Conmon](https://github.com/containers/conmon) is a tool for monitoring OCI runtimes, used by both Podman and CRI-O. +- Seccomp: A unified [Seccomp](https://github.com/seccomp/containers-golang) policy for Podman, Buildah, and CRI-O. ## Podman Information for Developers |