automation-tests/common
maybe-sybr 971974173b fix: Set `ping_group_range` to `0 0` by default
This sysctl is an inclusive range and since the intention is to only
allow ping for root, setting it to `0 0` is adequate. This change
ensures that if a container is run from a user namespace where GID 1
isn't mapped, we won't get an EINVAL back when attempting to write this
sysctl value which would then cause an OCI runtime error.

Fixes #345
2020-11-09 09:04:30 +11:00
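The mapping condition the commit message above describes can be checked before the sysctl is written. The following is an added example, not code from containers/common: `pingRangeWritable` is a hypothetical helper, the gid_map text is constructed, and only the "both ends of the range must be mapped" condition from the commit message is modelled.

```go
package main

import (
	"fmt"
	"strings"
)

// pingRangeWritable is a hypothetical helper, not part of containers/common.
// gidMap is the text of /proc/<pid>/gid_map for the container's user
// namespace; value is the "low high" string destined for
// net.ipv4.ping_group_range. It reports whether both ends of the inclusive
// range are mapped; an unmapped end is the case the commit message says
// ends in EINVAL.
func pingRangeWritable(gidMap, value string) (bool, error) {
	var ends [2]uint32
	if _, err := fmt.Sscan(value, &ends[0], &ends[1]); err != nil {
		return false, fmt.Errorf("bad range %q: %w", value, err)
	}
	var mapped [2]bool
	for _, line := range strings.Split(strings.TrimSpace(gidMap), "\n") {
		// Each gid_map line is: first inside GID, first outside GID, length.
		var inside, outside, length uint32
		if _, err := fmt.Sscan(line, &inside, &outside, &length); err != nil {
			return false, fmt.Errorf("bad gid_map line %q: %w", line, err)
		}
		for i, gid := range ends {
			// Unsigned subtraction is safe once gid >= inside is known.
			if gid >= inside && gid-inside < length {
				mapped[i] = true
			}
		}
	}
	return mapped[0] && mapped[1], nil
}

func main() {
	// Constructed gid_map: only GID 0 inside maps to host GID 1000.
	const onlyRoot = "0 1000 1"
	for _, v := range []string{"0 1", "0 0"} {
		ok, err := pingRangeWritable(onlyRoot, v)
		fmt.Printf("%q writable=%v err=%v\n", v, ok, err)
	}
}
```

With only GID 0 mapped, `0 1` is rejected by the check and `0 0` passes, which matches the default the commit switches to.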
.github Use correct URL for contributing guidelines (closes #4) 2019-07-08 10:53:41 -05:00
cmd/seccomp Migrate seccomp/containers-golang 2020-08-27 10:15:31 +02:00
docs Enabled the remote flag to be accessible by users 2020-10-30 05:11:43 -04:00
images Initial Code of Conduct 2020-02-01 16:35:55 -05:00
pkg fix: Set `ping_group_range` to `0 0` by default 2020-11-09 09:04:30 +11:00
tools Use a loop to go through repos in quay script 2020-07-01 20:14:55 -04:00
vendor Bump github.com/containers/storage from 1.23.8 to 1.23.9 2020-11-04 05:07:49 -05:00
version Move to v0.26.4-dev 2020-10-27 06:48:04 -04:00
.cirrus.yml Migrate seccomp/containers-golang 2020-08-27 10:15:31 +02:00
.gitignore Migrate seccomp/containers-golang 2020-08-27 10:15:31 +02:00
.golangci.yml Add BuildFilter() and ValidateProfile() API 2020-08-27 21:09:59 +02:00
CODE-OF-CONDUCT.md Initial Code of Conduct 2020-02-01 16:35:55 -05:00
CONTRIBUTING.md fix typo 2018-12-10 12:57:11 +01:00
LICENSE add Apache 2.0 license file 2019-11-18 10:41:54 +01:00
Makefile Migrate seccomp/containers-golang 2020-08-27 10:15:31 +02:00
OWNERS Add owners file 2020-08-25 10:59:53 -05:00
README.md Migrate seccomp/containers-golang 2020-08-27 10:15:31 +02:00
SECURITY.md Touch up Security title 2020-05-04 17:47:51 -04:00
go.mod Bump github.com/containers/storage from 1.23.8 to 1.23.9 2020-11-04 05:07:49 -05:00
go.sum Bump github.com/containers/storage from 1.23.8 to 1.23.9 2020-11-04 05:07:49 -05:00

README.md

containers/common

Location for shared common files and common Go code to manage those files in github.com/containers repos.

Files common to one or more projects in the containers group will be kept in this repository.

It will be up to the individual projects to include the files from this repository.

seccomp

The seccomp package in pkg/seccomp is a set of Go libraries used by container runtimes to generate and load seccomp mappings into the kernel.

seccomp (short for secure computing mode) is a BPF-based syscall filter language and presents a more conventional function-call based filtering interface that should be familiar to, and easily adopted by, application developers.

Building the seccomp.json file

The make target `make seccomp.json` generates the seccomp.json file, which contains the allowed list of syscalls that can be used by container runtime engines like CRI-O, Buildah, Podman and Docker, and container runtimes like OCI Runc to control the syscalls available to containers.

Supported build tags

Contributing

When developing this library, please use `make` (or `make … BUILDTAGS=…`) to take advantage of the tests and validation.

Contact