docker-cli

Author	SHA1	Message	Date
Sebastiaan van Stijn	32dd641688	Merge pull request #26266 from YuPengZTE/dev The etc and dot is seprated Upstream-commit: d93a62e9bef374ff501f155583e707c1ae77926b Component: engine	2016-09-17 03:37:00 +02:00
Akihiro Suda	23bac4b64f	apparmor: prohibit /sys/firmware/** from being accessed Some firmware information including SMBIOS and ACPI tables were unexpectedly exposed Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp> Upstream-commit: 693b4ac67ad0638be9defbae771f62d860380f31 Component: engine	2016-09-16 02:21:31 +00:00
lixiaobing10051267	849847f7b2	fix some incorrect symbols before executing command Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn> Upstream-commit: 7b73b5fd6acf7a8fc3e9cee3437221794879b7c6 Component: engine	2016-09-14 22:28:09 +08:00
Riyaz Faizullabhoy	7d2bc2d40d	Use latest version of notary server in trust sandbox docs Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> Upstream-commit: 40f823ccd8ce0c07a27a287f665b4cc0c0084569 Component: engine	2016-09-12 09:42:12 -07:00
YuPengZTE	297af6f7a7	The etc and dot is seprated Signed-off-by: YuPengZTE <yu.peng36@zte.com.cn> Upstream-commit: bd914ff5a31b1b39bdd9c0fbacf76c65c2b1e842 Component: engine	2016-09-07 09:02:16 +08:00
Antonio Murdaca	009555a4b2	New seccomp format Signed-off-by: Antonio Murdaca <runcom@redhat.com> Upstream-commit: 5ff21add06ce0e502b41a194077daad311901996 Component: engine	2016-09-01 11:53:07 +02:00
yuexiao-wang	c65cef03da	Replace docker command from 'docker daemon' to 'dockerd' Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn> Upstream-commit: 530668cb2262fc89e60a23d9a0f6555498b0171b Component: engine	2016-08-25 17:04:44 +08:00
Sebastiaan van Stijn	bb8ea42967	Fix capitalization Signed-off-by: YuPengZTE <yu.peng36@zte.com.cn> Signed-off-by: Sebastiaan van Stijn <github@gone.nl> Upstream-commit: 75e60fbe09f6065ed095671f98713d862c466858 Component: engine	2016-08-15 14:14:41 +02:00
Charles Smith	44701ad93a	add overlay networking security model node Signed-off-by: Charles Smith <charles.smith@docker.com> Upstream-commit: cc5debcb2e8621358721eb860c07f33f8b83d684 Component: engine	2016-08-12 13:17:24 -07:00
Michael Friis	abb7fbbaec	update intro to say there are four things to consider Signed-off-by: Michael Friis <friism@gmail.com> Upstream-commit: 9c37bf9f1fc28ef28dc62ea496e6f56dafcdfd89 Component: engine	2016-08-10 08:45:24 -07:00
Avi Vaid	5a0f28bcec	minor nit typo in opensl(openssl) genrsa -out delegation.key 2048 Signed-off-by: Avi Vaid <avaid1996@gmail.com> Upstream-commit: 570bad1974e767525ef513e48a0df19fc8b49e0c Component: engine	2016-08-04 15:07:20 -07:00
Sebastiaan van Stijn	6ae69a861f	Merge pull request #25318 from lixiaobing10051267/masterParentheses A parenthesis omitted in Seccomp.md Upstream-commit: d7c9c85e3093cef9e014be12951d226ab45bbba6 Component: engine	2016-08-02 12:27:19 +02:00
lixiaobing10051267	d7f691cfe1	A parenthesis omitted in Seccomp.md Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn> Upstream-commit: 227cae6680d9c2ff8b1583ab4efdec54bdc36688 Component: engine	2016-08-02 12:24:15 +08:00
Jess Frazelle	c5246dacc1	update non-events Signed-off-by: Jess Frazelle <jessfraz@google.com> Upstream-commit: 6837cfc13cba842186a7261aa9bbd3a8755fd11e Component: engine	2016-07-27 19:21:16 -04:00
Tonis Tiigi	1c460604bb	Update docker load security docs Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> Upstream-commit: f17469e890c1fd2ea9d63e7bfe1025df9754c97b Component: engine	2016-07-18 19:16:15 -07:00
Sebastiaan van Stijn	2fa3ccc004	Fix some broken sourceforge.net links Looks like there's issues with sourceforge project pages. Given that sourceforge isn't really what it used to be, trying to find alternative URLs where possible. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> Upstream-commit: 0e7a1079be5e87aae2abcda7c27a2b0e67270a50 Component: engine	2016-07-12 21:51:14 +02:00
Mansi Nahar	e2e3de5c59	Change content-trust doc to not point to images that don't exist #22730 Signed-off-by: Mansi Nahar <mmn4185@rit.edu> Upstream-commit: 82d70f440952951f2ce8aee34f3f750f540aed38 Component: engine	2016-07-11 12:41:03 -04:00
cyli	b0a6df1b32	Update content trust docs to reflect latest notary compose file changes, and to simplify the instructions by providing a single compose file that runs the notary server, registry, and a docker-in-docker trust sandbox. Signed-off-by: cyli <cyli@twistedmatrix.com> Upstream-commit: ba115b0a91970f434e41e9f72caccc01493a9729 Component: engine	2016-06-13 12:57:06 -07:00
Sebastiaan van Stijn	c7bd96a413	Merge pull request #23354 from riyazdf/notary-delegation-env Add link to notary environment vars from docker trust automation section Upstream-commit: 5b1060c7758aa6bfd2210515a3e24fb287322ed9 Component: engine	2016-06-09 00:09:28 +02:00
Riyaz Faizullabhoy	3e62c84c55	Add link to notary environment vars from docker trust automation section Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> Upstream-commit: 8d72ff3f5e5d3a3a0fb3645ef41ad72713c8298b Component: engine	2016-06-07 14:03:56 -07:00
allencloud	35c5774373	fix typos Signed-off-by: allencloud <allen.sun@daocloud.io> Upstream-commit: c1be45fa38e82054dcad606d71446a662524f2d5 Component: engine	2016-06-02 17:17:22 +08:00
Alexander Morozov	687f64e55c	Merge pull request #22679 from cyli/bump-notary-version Bump notary version up to 0.3.0 and re-vendor. Upstream-commit: c95f1fcbd9d6acc02c9af5fd62d21921b0150cd2 Component: engine	2016-05-12 14:38:07 -07:00
Vincent Demeester	5b0da6166c	Merge pull request #22694 from allencloud/fix-typos-in-docs docs: correct some typos Upstream-commit: 475c37dd66ce4b2f3994ac61a4494950e43873b9 Component: engine	2016-05-12 14:35:39 +02:00
Vincent Demeester	a6e840fdce	Merge pull request #22687 from haoshuwei/fix-docs-securitymd Fixing security.md Upstream-commit: edf5e097a2ee1e1b90a6634d6fa6cf1547dff65c Component: engine	2016-05-12 14:35:21 +02:00
allencloud	abeea999e4	fix typos in docs Signed-off-by: allencloud <allen.sun@daocloud.io> Upstream-commit: 57e2a82355c15005875fedc733dc45081af5a2d9 Component: engine	2016-05-12 18:38:02 +08:00
Sebastiaan van Stijn	c143020222	docs: update menu order in security section Signed-off-by: Sebastiaan van Stijn <github@gone.nl> Upstream-commit: 067e54eeacf691c49cc169b80acd814c62a504d0 Component: engine	2016-05-12 11:19:53 +02:00
Sebastiaan van Stijn	030412355e	Merge pull request #22579 from jfrazelle/docs-add-security-non-events docs: add security non-events Upstream-commit: a14e85c40d210252096bfb6bbef1e7b66e2e2bfd Component: engine	2016-05-12 11:17:47 +02:00
Hao Shu Wei	f4d78f4d50	Fixing security.md Signed-off-by: Hao Shu Wei <haoshuwei1989@163.com> Upstream-commit: 73d96a6b17b1fb8af71dc68d78e50f88b89f4167 Component: engine	2016-05-12 16:52:03 +08:00
cyli	f15ebde7e0	Bump notary version up to 0.3.0 and re-vendor. Signed-off-by: cyli <cyli@twistedmatrix.com> Upstream-commit: 6094be63ac3d29c23024daa2152719b653c78092 Component: engine	2016-05-11 22:57:51 -07:00
Sebastiaan van Stijn	d537ac63ac	docs: update seccomp whitelist the 'modify_ldt' was listed as "blocked by default", but was whitelisted in 13a9d4e8993997b2bf9be7e96a8d7978a73d0b9b this updates the documentation to reflect this Signed-off-by: Sebastiaan van Stijn <github@gone.nl> Upstream-commit: 2cddd1cd1f3135f36f6afcc84ddfda904aeee3b5 Component: engine	2016-05-11 18:45:27 +02:00
Jess Frazelle	a21f04a60f	docs: add security non-events Signed-off-by: Jess Frazelle <jess@mesosphere.com> Signed-off-by: Jess Frazelle <me@jessfraz.com> Upstream-commit: 6f06e98f57fe4564003d5b2adbe4ef2fcfbe8df8 Component: engine	2016-05-09 09:35:19 -07:00
Vincent Demeester	820803730c	Merge pull request #22386 from wenchma/dockerd Update the `docker daemon` to `dockerd` for document Upstream-commit: 1c1947dd29def10260e61688112eeac665761ace Component: engine	2016-05-04 15:07:53 +02:00
Wen Cheng Ma	79ba4ce6e9	Update the `docker daemon` to `dockerd` for document Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com> Upstream-commit: 24ec73f754da16e37726a3f1c6a59de508e255fc Component: engine	2016-04-29 09:06:02 +08:00
Antonio Murdaca	d722206339	Merge pull request #22344 from cpuguy83/seccomp_for_centos centos:7/oraclelinux:7 now includes libseccomp 2.2.1 Upstream-commit: 09021d6841b825dbaab901a34617358b03ae17ac Component: engine	2016-04-28 12:26:22 +02:00
Riyaz Faizullabhoy	e27d461e96	Update DCT docs with 1.11 info, fix typos Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> Upstream-commit: 77da3bcb72ba4f936c428cb2b912c007a94cb87a Component: engine	2016-04-27 09:57:54 -07:00
Brian Goff	ad49d67f49	centos:7/OL:7 now includes libseccomp 2.2.1 Signed-off-by: Brian Goff <cpuguy83@gmail.com> Upstream-commit: 1521a41fc578958d0238f95b43c49edab9a65a47 Component: engine	2016-04-26 20:48:26 -04:00
Thomas Grainger	a713f0b76d	Fix security documentation, XSS -> CSRF Signed-off-by: Thomas Grainger <tagrain@gmail.com> Upstream-commit: ea8f9c972393e0929e643190573412410bf39c6a Component: engine	2016-04-15 11:29:37 +01:00
Jess Frazelle	3b7a52e933	Add example to apparmor docs Signed-off-by: Jess Frazelle <jess@mesosphere.com> Upstream-commit: 80d63e2e112c75b1cc492ce52bdc0c61ef3c234c Component: engine	2016-04-14 10:59:47 -07:00
Tibor Vass	48cef14de6	Merge pull request #21367 from mlaventure/containerd-docs-cleanup Remove unneeded references to execDriver Upstream-commit: 3ce494f48cc37b1e4065b62e58ec1c0a5df0e00c Component: engine	2016-03-22 19:40:27 -04:00
Kenfe-Mickael Laventure	bf213f3332	Remove unneeded references to execDriver This includes: - updating the docs - removing dangling variables Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com> Upstream-commit: 8af4f89cba09105f3d581926aca6e231326f7054 Component: engine	2016-03-21 13:06:08 -07:00
cyli	5039737b8d	Include documentation on how to add the targets/releases delegation to a repo Signed-off-by: cyli <cyli@twistedmatrix.com> Upstream-commit: 88d73ebff43ef6031f169e8333f2d67e4f4f9d93 Component: engine	2016-03-21 12:06:10 -07:00
Jess Frazelle	ef4d935247	Merge pull request #21232 from calavera/consolidate_security_opts_format Consolidate security options to use `=` as separator. Upstream-commit: 06e98f0a5cf59c040e9f753d60f33ba22256d55c Component: engine	2016-03-18 16:02:38 -07:00
Yong Tang	df52f37984	Fix several typos in the documentation. This pull request fixes several typos in the documentation. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> Upstream-commit: 3c6aa163a3fd04c344a2072ab379f0778734b269 Component: engine	2016-03-17 18:29:35 +00:00
David Calavera	cb854bf11c	Consolidate security options to use `=` as separator. All other options we have use `=` as separator, labels, log configurations, graph configurations and so on. We should be consistent and use `=` for the security options too. Signed-off-by: David Calavera <david.calavera@gmail.com> Upstream-commit: cb9aeb0413ca75bb3af7fa723a1f2e6b2bdbcb0e Component: engine	2016-03-17 13:34:42 -04:00
David Calavera	d4aa4c77d4	Merge pull request #21279 from WeiZhang555/typo Fix typo Upstream-commit: 553ffa7fd77d3dd18a77e601dccf0892996474c5 Component: engine	2016-03-17 08:20:26 -07:00
Zhang Wei	2250308978	Fix typo Signed-off-by: Zhang Wei <zhangwei555@huawei.com> Upstream-commit: ca64269165fb30765d7ea0b0b231674df8da157b Component: engine	2016-03-17 16:13:51 +08:00
Justin Cormack	d8866a7bcc	Add new syscalls in libseccomp 2.3.0 to seccomp default profile This adds the following new syscalls that are supported in libseccomp 2.3.0, including calls added up to kernel 4.5-rc4: mlock2 - same as mlock but with a flag copy_file_range - copy file contents, like splice but with reflink support. The following are not added, and mentioned in docs: userfaultfd - userspace page fault handling, mainly designed for process migration The following are not added, only apply to less common architectures: switch_endian membarrier breakpoint set_tls I plan to review the other architectures, some of which can now have seccomp enabled in the build as they are now supported. Signed-off-by: Justin Cormack <justin.cormack@docker.com> Upstream-commit: 96896f2d0bc16269778dd4f60a4920b49953ffed Component: engine	2016-03-16 21:17:32 +00:00
Justin Cormack	8df9af807b	Allow restart_syscall in default seccomp profile Fixes #20818 This syscall was blocked as there was some concern that it could be used to bypass filtering of other syscall arguments. However none of the potential syscalls where this could be an issue (poll, nanosleep, clock_nanosleep, futex) are blocked in the default profile anyway. Signed-off-by: Justin Cormack <justin.cormack@docker.com> Upstream-commit: 5abd881883883a132f96f8adb1b07b5545af452b Component: engine	2016-03-11 16:44:11 +00:00
Antonio Murdaca	fdf616950e	docs: security: seccomp: mention Docker needs seccomp build and check config Signed-off-by: Antonio Murdaca <runcom@redhat.com> Upstream-commit: dc0397c9a8ae7b5074dfbbad71ed7dd37b163a48 Component: engine	2016-03-03 12:04:09 +01:00
Steven Iveson	2932936552	Update seccomp.md Corrected titles to use title case. Added link to default.json and some numerical detail. Changed example JSON to a portion of the actual default file, with the correct defaultAction. Signed-off-by: Steven Iveson <steven.iveson@infinityworks.com> Upstream-commit: 244e5fc51653b47a974ad111022ea923ddebaf05 Component: engine	2016-02-29 16:32:45 +00:00

1 2

81 Commits