From 237fe441b373ea129ca45421056fca4532112851 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Mon, 13 Jul 2020 16:22:24 -0400 Subject: Remove outdated seccomp policy Some time ago, we moved the Seccomp policy (and related setup code) to a place where all our tools could share it [1]. We did not, however, remove the in-repo seccomp.json file. Over the last year or so, the in-repo seccomp policy has become progressively more and more outdated, with no effort made to maintain it (because what sense is there in keeping a duplicate?). Today, a friend came to me and asked if a Podman container could access keyctl, assuming it could not because he was reading the outdated Seccomp policy which does not allow it. Since it's becoming clear that this file is doing no good and actively causing confusion, let's just drop it. [1] https://github.com/seccomp/containers-golang Signed-off-by: Matthew Heon --- Makefile | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 5c813dac5..3f626d359 100644 --- a/Makefile +++ b/Makefile @@ -443,7 +443,7 @@ swagger-check: .PHONY: codespell codespell: - codespell -S bin,vendor,.git,go.sum,changelog.txt,seccomp.json,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,bin2img,*ico,*.png,*.1,*.5,copyimg,*.orig,apidoc.go" -L uint,iff,od,seeked,splitted,marge,ERRO,hist -w + codespell -S bin,vendor,.git,go.sum,changelog.txt,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,bin2img,*ico,*.png,*.1,*.5,copyimg,*.orig,apidoc.go" -L uint,iff,od,seeked,splitted,marge,ERRO,hist -w # When publishing releases include critical build-time details .PHONY: release.txt @@ -540,12 +540,6 @@ install.man-nobuild: .PHONY: install.man install.man: docs install.man-nobuild -.PHONY: install.seccomp -install.seccomp: - # TODO: we should really be using the upstream one from github.com/seccomp - install ${SELINUXOPT} -d -m 755 $(DESTDIR)$(SHAREDIR_CONTAINERS) - install ${SELINUXOPT} -m 644 seccomp.json $(DESTDIR)$(SHAREDIR_CONTAINERS)/seccomp.json - .PHONY: install.completions install.completions: install ${SELINUXOPT} -d -m 755 ${DESTDIR}${BASHINSTALLDIR} -- cgit v1.2.3-54-g00ecf