diff options
author | Valentin Rothberg <rothberg@redhat.com> | 2020-01-23 10:04:18 +0100 |
---|---|---|
committer | Valentin Rothberg <rothberg@redhat.com> | 2020-01-23 10:06:43 +0100 |
commit | 1531509542194bf7800621b4b7a6071f53961dab (patch) | |
tree | 35427fbd19858ab4f28cd8a56ee13bacaa14757d /docs/source | |
parent | ac3a6b80b0ccd2f9592110811ccf6fd844110b9e (diff) | |
download | podman-1531509542194bf7800621b4b7a6071f53961dab.tar.gz podman-1531509542194bf7800621b4b7a6071f53961dab.tar.bz2 podman-1531509542194bf7800621b4b7a6071f53961dab.zip |
seccomp policy: expect profile in config label
Move the seccomp profile from a manifest annotation to a config label.
This way, we can support it for Docker images as well and provide an
easy way to add that data via Dockerfiles.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'docs/source')
-rw-r--r-- | docs/source/markdown/podman-create.1.md | 2 | ||||
-rw-r--r-- | docs/source/markdown/podman-run.1.md | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 7f0c2260c..0e641f3a3 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -679,7 +679,7 @@ of the container is assumed to be managed externally. **--seccomp-policy**=*policy* -Specify the policy to select the seccomp profile. If set to *image*, Podman will look for a "io.podman.seccomp.profile" annotation in the container image and use its value as a seccomp profile. Otherwise, Podman will follow the *default* policy by applying the default profile unless specified otherwise via *--security-opt seccomp* as described below. +Specify the policy to select the seccomp profile. If set to *image*, Podman will look for a "io.podman.seccomp.profile" label in the container-image config and use its value as a seccomp profile. Otherwise, Podman will follow the *default* policy by applying the default profile unless specified otherwise via *--security-opt seccomp* as described below. Note that this feature is experimental and may change in the future. diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 2b1452b53..512a382a6 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -700,7 +700,7 @@ Note: On `SELinux` systems, the rootfs needs the correct label, which is by defa **--seccomp-policy**=*policy* -Specify the policy to select the seccomp profile. If set to *image*, Podman will look for a "io.podman.seccomp.profile" annotation in the container image and use its value as a seccomp profile. Otherwise, Podman will follow the *default* policy by applying the default profile unless specified otherwise via *--security-opt seccomp* as described below. +Specify the policy to select the seccomp profile. If set to *image*, Podman will look for a "io.podman.seccomp.profile" label in the container-image config and use its value as a seccomp profile. Otherwise, Podman will follow the *default* policy by applying the default profile unless specified otherwise via *--security-opt seccomp* as described below. Note that this feature is experimental and may change in the future. |