8eb373cb0a
cmd/podman needs that functionality as well, so I figured it makes sense to break it into a separate package to reduce code clones. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> |
||
|---|---|---|
| .. | ||
| .github | ||
| cmd/seccomp | ||
| docs | ||
| libimage | ||
| logos | ||
| pkg | ||
| tests | ||
| tools | ||
| vendor | ||
| version | ||
| .cirrus.yml | ||
| .gitignore | ||
| .golangci.yml | ||
| CODE-OF-CONDUCT.md | ||
| CONTRIBUTING.md | ||
| LICENSE | ||
| Makefile | ||
| OWNERS | ||
| README.md | ||
| SECURITY.md | ||
| go.mod | ||
| go.sum | ||
README.md
containers/common
Location for shared common files and common go code to manage those files in github.com/containers repos.
The common files to one or more projects in the containers group will be kept in this repository.
It will be up to the individual projects to include the files from this repository.
seccomp
The seccomp package in pkg/seccomp is a set of Go libraries
used by container runtimes to generate and load seccomp mappings into the
kernel.
seccomp (short for secure computing mode) is a BPF based syscall filter language and present a more conventional function-call based filtering interface that should be familiar to, and easily adopted by, application developers.
Building the seccomp.json file
The make target make seccomp.json generates the seccomp.json file, which
contains the allowed list of syscalls that can be used by container runtime
engines like CRI-O, Buildah, Podman and
Docker, and container runtimes like OCI Runc to control the
syscalls available to containers.
Supported build tags
pkg/apparmor:apparmor,linuxpkg/seccomp:seccomppkg/config:darwin,remote,linux,systemdpkg/sysinfo:linux,solaris,windows,cgopkg/cgroupv2:linux
Contributing
When developing this library, please use make (or make … BUILDTAGS=…) to
take advantage of the tests and validation.
Contact
- IRC: #containers on freenode.net