diff options
author | Valentin Rothberg <rothberg@redhat.com> | 2019-01-08 14:52:57 +0100 |
---|---|---|
committer | Valentin Rothberg <rothberg@redhat.com> | 2019-01-11 13:38:11 +0100 |
commit | bd40dcfc2bc7c9014ea1f33482fb63aacbcdfe87 (patch) | |
tree | 5f06e4e289f16d9164d692590a3fe6541b5384cf /vendor/github.com/seccomp/containers-golang | |
parent | 545f24421247c9f6251a634764db3f8f8070a812 (diff) | |
download | podman-bd40dcfc2bc7c9014ea1f33482fb63aacbcdfe87.tar.gz podman-bd40dcfc2bc7c9014ea1f33482fb63aacbcdfe87.tar.bz2 podman-bd40dcfc2bc7c9014ea1f33482fb63aacbcdfe87.zip |
vendor: update everything
* If possible, update each dependency to the latest available version.
* Use releases over commit IDs and avoid vendoring branches.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'vendor/github.com/seccomp/containers-golang')
-rw-r--r-- | vendor/github.com/seccomp/containers-golang/README.md | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/vendor/github.com/seccomp/containers-golang/README.md b/vendor/github.com/seccomp/containers-golang/README.md index 43aa9db41..1012baec3 100644 --- a/vendor/github.com/seccomp/containers-golang/README.md +++ b/vendor/github.com/seccomp/containers-golang/README.md @@ -1,13 +1,14 @@ `containers-golang` is a set of Go libraries used by container runtimes to generate and load seccomp mappings into the kernel. -seccomp (short for secure computing mode) is a computer security facility in the Linux kernel. It was merged into the Linux kernel mainline in kernel version 2.6.12, which was released on March 8, 2005.[1] seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and write() to already-open file descriptors. Should it attempt any other system calls, the kernel will terminate the process with SIGKILL or SIGSYS[2][3]. In this sense, it does not virtualize the system's resources but isolates the process from them entirely. - -## Dependencies +seccomp (short for secure computing mode) is a BPF based syscall filter language and present a more conventional function-call based filtering interface that should be familiar to, and easily adopted by, application developers. ## Building + make - Generates default.json file, which containes the whitelisted syscalls that can be used by container runtime engines like [CRI-O][cri-o], [Buildah][buildah], [Podman][podman] and [Docker][docker], and container runtimes like OCI [Runc][runc] to controll the syscalls available to containers. ### Supported build tags + `seccomp` + ## Contributing When developing this library, please use `make` (or `make … BUILDTAGS=…`) to take advantage of the tests and validation. @@ -19,3 +20,10 @@ ASL 2.0 ## Contact - IRC: #[CRI-O](irc://irc.freenode.net:6667/#cri-o) on freenode.net + +[cri-o]: https://github.com/kubernetes-incubator/cri-o/pulls +[buildah]: https://github.com/projectatomic/buildah +[podman]: https://github.com/projectatomic/podman +[docker]: https://github.com/docker/docker +[runc]: https://github.com/opencontainers/runc + |