author Valentin Rothberg <rothberg@redhat.com> 2019-01-08 14:52:57 +0100
committer Valentin Rothberg <rothberg@redhat.com> 2019-01-11 13:38:11 +0100
commit bd40dcfc2bc7c9014ea1f33482fb63aacbcdfe87
tree 5f06e4e289f16d9164d692590a3fe6541b5384cf /vendor/github.com/seccomp/containers-golang/README.md
parent 545f24421247c9f6251a634764db3f8f8070a812
vendor: update everything
* If possible, update each dependency to the latest available version.
* Use releases over commit IDs and avoid vendoring branches.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'vendor/github.com/seccomp/containers-golang/README.md')
-rw-r--r-- vendor/github.com/seccomp/containers-golang/README.md 14
1 files changed, 11 insertions, 3 deletions
diff --git a/vendor/github.com/seccomp/containers-golang/README.md b/vendor/github.com/seccomp/containers-golang/README.md
index 43aa9db41..1012baec3 100644
--- a/vendor/github.com/seccomp/containers-golang/README.md
+++ b/vendor/github.com/seccomp/containers-golang/README.md
@@ -1,13 +1,14 @@
`containers-golang` is a set of Go libraries used by container runtimes to generate and load seccomp mappings into the kernel.
-seccomp (short for secure computing mode) is a computer security facility in the Linux kernel. It was merged into the Linux kernel mainline in kernel version 2.6.12, which was released on March 8, 2005.[1] seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and write() to already-open file descriptors. Should it attempt any other system calls, the kernel will terminate the process with SIGKILL or SIGSYS[2][3]. In this sense, it does not virtualize the system's resources but isolates the process from them entirely.
-
-## Dependencies
+seccomp (short for secure computing mode) is a BPF based syscall filter language and present a more conventional function-call based filtering interface that should be familiar to, and easily adopted by, application developers.
## Building
+ make - Generates default.json file, which containes the whitelisted syscalls that can be used by container runtime engines like [CRI-O][cri-o], [Buildah][buildah], [Podman][podman] and [Docker][docker], and container runtimes like OCI [Runc][runc] to controll the syscalls available to containers.
### Supported build tags
+ `seccomp`
+
## Contributing
When developing this library, please use `make` (or `make … BUILDTAGS=…`) to take advantage of the tests and validation.
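Review bot: The added `seccomp (short for secure computing mode) is a BPF based syscall filter language and present a more conventional function-call based filtering interface ...` line does not parse ("is a ... language and present a ...") and describes seccomp itself as a filter language, while the removed paragraph's statement of the enforcement behaviour (the kernel terminates the process with SIGKILL or SIGSYS on a disallowed syscall) is dropped with nothing in its place. The added `make` line also carries the typos "containes" and "controll". Because this file sits under `vendor/`, these should be corrected in the upstream README and picked up by the next vendor update rather than patched here.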
@@ -19,3 +20,10 @@ ASL 2.0
## Contact
- IRC: #[CRI-O](irc://irc.freenode.net:6667/#cri-o) on freenode.net
+
+[cri-o]: https://github.com/kubernetes-incubator/cri-o/pulls
+[buildah]: https://github.com/projectatomic/buildah
+[podman]: https://github.com/projectatomic/podman
+[docker]: https://github.com/docker/docker
+[runc]: https://github.com/opencontainers/runc
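Review bot: The `[cri-o]` reference definition points at `https://github.com/kubernetes-incubator/cri-o/pulls`, the pull-request list, while the other four definitions added here point at repository roots. The `[CRI-O][cri-o]` link in the Building text names the runtime engine, so the target should be the repository root as well; as with the rest of this vendored file, the fix belongs upstream.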
+