| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | Remove outdated seccomp policy | Matthew Heon | 2020-07-13 |
| | | | | | | | | | | | | | | | | | | | Some time ago, we moved the Seccomp policy (and related setup code) to a place where all our tools could share it [1]. We did not, however, remove the in-repo seccomp.json file. Over the last year or so, the in-repo seccomp policy has become progressively more and more outdated, with no effort made to maintain it (because what sense is there in keeping a duplicate?). Today, a friend came to me and asked if a Podman container could access keyctl, assuming it could not because he was reading the outdated Seccomp policy which does not allow it. Since it's becoming clear that this file is doing no good and actively causing confusion, let's just drop it. [1] https://github.com/seccomp/containers-golang Signed-off-by: Matthew Heon <mheon@redhat.com> | ||
| * | update seccomp.json | Valentin Rothberg | 2018-11-08 |
| | | | | | | | | | | | | | | | | Merge the following changes from the upstream Moby seccomp profile: * commit b2a907c8cab6 ("Whitelist statx syscall for libseccomp-2.3.3 onward") * commit 47dfff68e436 ("Whitelist syscalls linked to CAP_SYS_NICE in default seccomp profile") * commit ccd22ffcc8b5 ("Move the syslog syscall to be gated by CAP_SYS_ADMIN or CAP_SYSLOG") Signed-off-by: Valentin Rothberg <vrothberg@suse.com> | ||
| * | Initial checkin from CRI-O repo | Matthew Heon | 2017-11-01 |
| Signed-off-by: Matthew Heon <matthew.heon@gmail.com> | |||
 |
index : containers/podman.git | |
| forked from: https://github.com/containers/podman.git | User & |
| summaryrefslogtreecommitdiff |
path: root/seccomp.json