opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-03 11:49:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

Start using github.com/seccomp/containers-golang

Browse Source 
User newer seccomp bindings from the seccomp upstream

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1021
Approved by: giuseppe
This commit is contained in:
Daniel J Walsh
2018-06-28 14:30:34 -04:00
committed by Atomic Bot
parent c09bbe8e06
commit 810f2b6061
8 changed files with 964 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
vendor/github.com/seccomp/containers-golang/README.md generated vendored Normal file
View File

@@ -0,0 +1,21 @@
`containers-golang` is a set of Go libraries used by container runtimes to generate and load seccomp mappings into the kernel.
seccomp (short for secure computing mode) is a computer security facility in the Linux kernel. It was merged into the Linux kernel mainline in kernel version 2.6.12, which was released on March 8, 2005.[1] seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and write() to already-open file descriptors. Should it attempt any other system calls, the kernel will terminate the process with SIGKILL or SIGSYS[2][3]. In this sense, it does not virtualize the system's resources but isolates the process from them entirely.
## Dependencies
## Building
### Supported build tags
## Contributing
When developing this library, please use `make` (or `make … BUILDTAGS=…`) to take advantage of the tests and validation.
## License
ASL 2.0
## Contact
- IRC: #[CRI-O](irc://irc.freenode.net:6667/#cri-o) on freenode.net