automation-tests/common
Paul Holzinger 2589ef49aa libnetwork/rootlessnetns: make mountns tree private
While this is a non-issue normally because we run in an unprivileged
userns we cannot modify the host mounts in any way. However in case
where the rootless netns logic might be executed from a non userns
context we might change the mount tree if the mounts are shared which is
the systemd default. While this should never happen let's make sure we
never mess up the system by accident in case there are more bugs and
explicitly make our mount tree private.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-04-03 11:40:44 +02:00
.github github: bump go version for lint to 1.22 2024-03-06 13:03:55 +01:00
cmd/seccomp chore: remove outdated build constraints 2024-01-03 22:56:00 +02:00
docs feat: add a config to set in cdi directories 2024-03-28 09:45:07 -07:00
hack CI: check for possible diff after make vendor 2023-07-12 14:21:24 +02:00
internal pkg/manifests.List: add SetSubject()/Subject() 2024-02-05 09:36:48 -05:00
libimage Merge pull request #1919 from nalind/index-resolve-images 2024-04-02 18:44:48 +00:00
libnetwork libnetwork/rootlessnetns: make mountns tree private 2024-04-03 11:40:44 +02:00
logos Sizing adjustment to youki logo 2023-04-05 14:19:53 -04:00
pkg Merge pull request #1919 from nalind/index-resolve-images 2024-04-02 18:44:48 +00:00
tests
tools
vendor fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1 2024-03-24 17:00:51 +00:00
version Bump to v0.59.0-dev 2024-03-06 09:48:10 -05:00
.cirrus.yml CI: bump VMs to 2024-03-20 2024-03-21 08:24:22 -06:00
.codespelldict Fix typos across repo; extend codespell config 2024-01-03 23:38:47 +02:00
.codespellrc libnetwork/rootlessnetns: make mountns tree private 2024-04-03 11:40:44 +02:00
.gitignore libnetwork/netavark: add test plugin 2023-04-04 18:20:18 +02:00
.golangci-extra.yml CI: enable extra linters for new code 2022-05-16 19:54:38 -07:00
.golangci.yml lint: enable ginkgolinter 2024-03-18 11:51:54 +01:00
CODE-OF-CONDUCT.md Add list members emails to the CoC 2023-09-28 14:25:17 -04:00
CONTRIBUTING.md
LICENSE
Makefile lint: update golangci-lint to v1.56.2 2024-03-05 18:10:32 +01:00
OWNERS OWNERS: add @mtrmac 2022-05-19 17:30:17 +02:00
README.md Update README.md 2022-02-23 17:58:54 +01:00
SECURITY.md
go.mod fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1 2024-03-24 17:00:51 +00:00
go.sum fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1 2024-03-24 17:00:51 +00:00

README.md

containers/common

Location for shared common files and common Go code to manage those files in github.com/containers repos.

Files common to one or more projects in the containers group will be kept in this repository.

It will be up to the individual projects to include the files from this repository.

seccomp

The seccomp package in pkg/seccomp is a set of Go libraries used by container runtimes to generate and load seccomp mappings into the kernel.

seccomp (short for secure computing mode) is a BPF-based syscall filter language and presents a more conventional function-call-based filtering interface that should be familiar to, and easily adopted by, application developers.

Building the seccomp.json file

The make target make seccomp.json generates the seccomp.json file, which contains the allowed list of syscalls that can be used by container runtime engines like CRI-O, Buildah, Podman and Docker, and container runtimes like OCI Runc to control the syscalls available to containers.

Supported build tags

Contributing

When developing this library, please use make (or make … BUILDTAGS=…) to take advantage of the tests and validation.

Contact