History

Valentin Rothberg 32a28aee73 new libimage package The new `libimage` package is an attempt to consolidate the code for managing container images and performing operations on them such as pulling, pushing, saving, searching, local lookups, removing etc. Over time, Buildah, CRI-O and Podman diverged with respect to managing container images resulting in a high amount of code duplication rendering the tools harder to maintain (e.g., bug fixes) and harder to extend (e.g., adding new features) than necessary. The desire to share all that code in a common library grew and this is an attempt to address the it. The changes as they are now pass Buildah CI [1]. Once merged into Buildah, I expect follow up changes when migrating Podman over to `libimage`. Miscellaneous changes: * Copy `podman/pkg/signal` to `pkg/signal`. * Copy `buildah/manifests` to `image/manifests`. Note that the unit tests require root privileges. Skip()'s are added when running rootless. Currently excluded from linting. * Copy `buildah/pkg/manifests` to `pkg/manifests`. Currently excluded from linting. * Copy `buildah/pkg/supplemented` to `pkg/supplemented`. Currently excluded from linting. [1] github.com/containers/buildah/pull/3148 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>		2021-04-21 11:17:47 +02:00
..
.github	Remove `vendor` from dependabot config	2021-03-10 13:58:55 +01:00
cmd/seccomp	Migrate seccomp/containers-golang	2020-08-27 10:15:31 +02:00
docs	Add missing values to containers.conf man bpage	2021-02-09 14:17:48 -05:00
libimage	new libimage package	2021-04-21 11:17:47 +02:00
logos	rename images to logos	2021-04-06 11:24:38 +02:00
pkg	new libimage package	2021-04-21 11:17:47 +02:00
tests	new libimage package	2021-04-21 11:17:47 +02:00
tools	seccomp: add CI check for up-to-date seccomp.json	2021-01-27 21:40:45 +11:00
vendor	new libimage package	2021-04-21 11:17:47 +02:00
version	Move to v0.36.1-dev	2021-04-13 09:11:30 -04:00
.cirrus.yml	Migrate seccomp/containers-golang	2020-08-27 10:15:31 +02:00
.gitignore	Migrate seccomp/containers-golang	2020-08-27 10:15:31 +02:00
.golangci.yml	new libimage package	2021-04-21 11:17:47 +02:00
CODE-OF-CONDUCT.md	Initial Code of Conduct	2020-02-01 16:35:55 -05:00
CONTRIBUTING.md	fix typo	2018-12-10 12:57:11 +01:00
LICENSE	add Apache 2.0 license file	2019-11-18 10:41:54 +01:00
Makefile	new libimage package	2021-04-21 11:17:47 +02:00
OWNERS	Add owners file	2020-08-25 10:59:53 -05:00
README.md	Migrate seccomp/containers-golang	2020-08-27 10:15:31 +02:00
SECURITY.md	Touch up Security title	2020-05-04 17:47:51 -04:00
go.mod	new libimage package	2021-04-21 11:17:47 +02:00
go.sum	new libimage package	2021-04-21 11:17:47 +02:00

README.md

containers/common

Location for shared common files and common go code to manage those files in github.com/containers repos.

The common files to one or more projects in the containers group will be kept in this repository.

It will be up to the individual projects to include the files from this repository.

seccomp

The seccomp package in pkg/seccomp is a set of Go libraries used by container runtimes to generate and load seccomp mappings into the kernel.

seccomp (short for secure computing mode) is a BPF based syscall filter language and present a more conventional function-call based filtering interface that should be familiar to, and easily adopted by, application developers.

Building the seccomp.json file

The make target make seccomp.json generates the seccomp.json file, which contains the allowed list of syscalls that can be used by container runtime engines like CRI-O, Buildah, Podman and Docker, and container runtimes like OCI Runc to control the syscalls available to containers.

Supported build tags

pkg/apparmor: apparmor, linux
pkg/seccomp: seccomp
pkg/config: darwin, remote, linux, systemd
pkg/sysinfo: linux, solaris, windows, cgo
pkg/cgroupv2: linux

Contributing

When developing this library, please use make (or make … BUILDTAGS=…) to take advantage of the tests and validation.

Contact

IRC: #containers on freenode.net