History

Valentin Rothberg 3e9cdd9c53 layer tree: be more resilient Make operating on the layer tree more resilient towards parallel image removals by checking for unknown-image errors. This partially fixes below linked BZ. At the time of writing, I do not have a reliable easy (and short running) reproducer. Hence, I suggest to merge this change without tests and rely on either Podman CI (which doesn't have a reliable test yet either) and the QE team (will be informed). BZ: bugzilla.redhat.com/show_bug.cgi?id=2216700 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>		2023-06-23 13:00:20 +02:00
..
.github	bump golangci-lint to v1.53.3	2023-06-16 17:08:24 +02:00
cmd/seccomp	Gofumpt the code	2022-04-09 16:50:11 -07:00
docs	config: add CompressionLevel to containers.conf	2023-06-21 12:05:52 +02:00
libimage	layer tree: be more resilient	2023-06-23 13:00:20 +02:00
libnetwork	libnetwork/slirp4netns: add Pdeathsig option	2023-06-22 12:30:27 +02:00
logos	Sizing adjustment to youki logo	2023-04-05 14:19:53 -04:00
pkg	pkg/util: add WaitForFile() from podman	2023-06-21 18:39:05 +02:00
tests	new libimage package	2021-04-21 11:17:47 +02:00
tools	seccomp: add CI check for up-to-date seccomp.json	2021-01-27 21:40:45 +11:00
vendor	fix(deps): update module github.com/onsi/ginkgo/v2 to v2.11.0	2023-06-17 07:57:24 +00:00
version	Move to v0.54.0-dev	2023-04-26 12:40:33 +02:00
.cirrus.yml	chore(deps): update dependency containers/automation_images to v20230614	2023-06-14 23:06:00 +00:00
.codespellrc	Create .codespellrc	2022-03-30 11:39:49 -07:00
.gitignore	libnetwork/netavark: add test plugin	2023-04-04 18:20:18 +02:00
.golangci-extra.yml	CI: enable extra linters for new code	2022-05-16 19:54:38 -07:00
.golangci.yml	.golanci-lint: enable gofumpt	2022-05-16 20:01:08 -07:00
CODE-OF-CONDUCT.md	[CI:DOCS] Add more logos and Fix logo in Code of Conduct	2022-05-13 16:23:23 -04:00
CONTRIBUTING.md	fix typo	2018-12-10 12:57:11 +01:00
LICENSE	add Apache 2.0 license file	2019-11-18 10:41:54 +01:00
Makefile	bump golangci-lint to v1.53.3	2023-06-16 17:08:24 +02:00
OWNERS	OWNERS: add @mtrmac	2022-05-19 17:30:17 +02:00
README.md	Update README.md	2022-02-23 17:58:54 +01:00
SECURITY.md	Touch up Security title	2020-05-04 17:47:51 -04:00
go.mod	fix(deps): update module github.com/onsi/ginkgo/v2 to v2.11.0	2023-06-17 07:57:24 +00:00
go.sum	fix(deps): update module github.com/onsi/ginkgo/v2 to v2.11.0	2023-06-17 07:57:24 +00:00

README.md

containers/common

Location for shared common files and common go code to manage those files in github.com/containers repos.

The common files to one or more projects in the containers group will be kept in this repository.

It will be up to the individual projects to include the files from this repository.

seccomp

The seccomp package in pkg/seccomp is a set of Go libraries used by container runtimes to generate and load seccomp mappings into the kernel.

seccomp (short for secure computing mode) is a BPF based syscall filter language and present a more conventional function-call based filtering interface that should be familiar to, and easily adopted by, application developers.

Building the seccomp.json file

The make target make seccomp.json generates the seccomp.json file, which contains the allowed list of syscalls that can be used by container runtime engines like CRI-O, Buildah, Podman and Docker, and container runtimes like OCI Runc to control the syscalls available to containers.

Supported build tags

pkg/apparmor: apparmor, linux
pkg/seccomp: seccomp
pkg/config: darwin, remote, linux, systemd
pkg/sysinfo: linux, solaris, windows, cgo
pkg/cgroupv2: linux

Contributing

When developing this library, please use make (or make … BUILDTAGS=…) to take advantage of the tests and validation.

Contact

IRC: #containers on freenode.net