the instructions by providing a single compose file that runs the notary server, registry,
and a docker-in-docker trust sandbox.
Signed-off-by: cyli <cyli@twistedmatrix.com>
Upstream-commit: ba115b0a91970f434e41e9f72caccc01493a9729
Component: engine
the 'modify_ldt' was listed as "blocked by default",
but was whitelisted in 13a9d4e8993997b2bf9be7e96a8d7978a73d0b9b
this updates the documentation to reflect this
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 2cddd1cd1f3135f36f6afcc84ddfda904aeee3b5
Component: engine
This pull request fixes several typos in the documentation.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 3c6aa163a3fd04c344a2072ab379f0778734b269
Component: engine
All other options we have use `=` as separator, labels,
log configurations, graph configurations and so on.
We should be consistent and use `=` for the security
options too.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: cb9aeb0413ca75bb3af7fa723a1f2e6b2bdbcb0e
Component: engine
This adds the following new syscalls that are supported in libseccomp 2.3.0,
including calls added up to kernel 4.5-rc4:
mlock2 - same as mlock but with a flag
copy_file_range - copy file contents, like splice but with reflink support.
The following are not added, and mentioned in docs:
userfaultfd - userspace page fault handling, mainly designed for process migration
The following are not added, only apply to less common architectures:
switch_endian
membarrier
breakpoint
set_tls
I plan to review the other architectures, some of which can now have seccomp
enabled in the build as they are now supported.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 96896f2d0bc16269778dd4f60a4920b49953ffed
Component: engine
Fixes#20818
This syscall was blocked as there was some concern that it could be
used to bypass filtering of other syscall arguments. However none of the
potential syscalls where this could be an issue (poll, nanosleep,
clock_nanosleep, futex) are blocked in the default profile anyway.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 5abd881883883a132f96f8adb1b07b5545af452b
Component: engine
Corrected titles to use title case. Added link to default.json and some numerical detail. Changed example JSON to a portion of the actual default file, with the correct defaultAction.
Signed-off-by: Steven Iveson <steven.iveson@infinityworks.com>
Upstream-commit: 244e5fc51653b47a974ad111022ea923ddebaf05
Component: engine
Just some suggested wording to update this page to take account of User Namespaces being available as of 1.10.
Signed-off-by: Rory McCune <rorym@mccune.org.uk>
Upstream-commit: c1e53ad1aa9d82568efc045444a5df76b1471905
Component: engine
Seccomp is only *compiled* in binaries built for
distros that ship with seccomp 2.2.1 or higher,
and in the static binaries.
The static binaries are not really useful for
RHEL and CentOS, because devicemapper does
not work properly with the static binaries,
so static binaries is only an option for Ubuntu
and Debian.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 13839a6d328692c672394811ee3afd9a168fc328
Component: engine
Fixing the links
Updating with Seb's comments
Adding weight
Fixing the engine aliases
Updating after Arun pushed
Removing empty file
Signed-off-by: Mary Anthony <mary@docker.com>
Upstream-commit: e310d070f498a2ac494c6d3fde0ec5d6e4479e14
Component: engine
Entering comments from reviewers
Updating with Derek's comments
Fixing bad links reported by build
Signed-off-by: Mary Anthony <mary@docker.com>
Upstream-commit: 4c76c665b73dbd0beb0cb465caa921cbeb1cf61f
Component: engine
Signed-off-by: Mary Anthony <mary@docker.com>
Updaing and slight re-arrangement of security information
Signed-off-by: Mary Anthony <mary@docker.com>
Updating security files
Signed-off-by: Mary Anthony <mary@docker.com>
Updating links to the security documentation
Signed-off-by: Mary Anthony <mary@docker.com>
removing some extra spaces
Signed-off-by: Mary Anthony <mary@docker.com>
Correcting spelling
Signed-off-by: Mary Anthony <mary@docker.com>
Upstream-commit: 61553fc2f538a7fe8f83e6b41a93722b5c61d374
Component: engine
GitHub flavored markdown is now supported for links and images. Also, ran LinkChecker and FileResolver. Yay!
Fixes from Spider check
Output for docker/docker now goes into engine directory
Signed-off-by: Mary Anthony <mary@docker.com>
Upstream-commit: 8fee1c2020186ac100b45e64864b94ae3a169ad5
Component: engine
