opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-17 23:20:59 +08:00
Code Issues Packages Projects Releases Wiki Activity
5,964 Commits 51 Branches 247 Tags
Commit Graph

12 Commits

Author SHA1 Message Date
Daniel J Walsh
316e51f0a9 Add support & documentation to run containers with different file types 
Udica is adding new features to allow users to define container process
and file types. This would allow us to setup trusted communications channels
between multiple security domains.  ContainerA -> ContainerB -> ContainerC

Add tests to make sure users can change file types

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2019-08-13 10:16:01 -04:00
Valentin Rothberg
2388222e98 update dependencies 
Ran a `go get -u` and bumped K8s deps to 1.15.0.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-06-24 21:29:31 +02:00
Valentin Rothberg
d697456dc9 migrate to go-modules 
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-06-24 13:20:59 +02:00
Daniel J Walsh
8cf929c095 Vendor in latest opencontainers/selinux 
This will now verify labels passed in by the user.
Will also prevent users from accidently relabeling their homedir.

podman run -ti -v ~/home/user:Z fedora sh

Is not a good idea.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2019-01-18 17:08:46 -05:00
Daniel J Walsh
64ac546259 Set Socket label for contianer 
This will allow container processes to write to the CRIU socket that gets injected
into the container.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2018-12-12 04:22:44 -08:00
Giuseppe Scrivano
c4a592b632 vendor: update selinux 
inherit a change for not failing a recursive relabelling if the file
is removed between the directory is read and the lsetxattr syscall.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2018-11-28 10:51:37 +01:00
Daniel J Walsh
57b0b89d0c Vendor in latest containers/storage opencontainers/selinux 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2018-10-23 10:32:32 -04:00
baude
767b3ddc43 vendor in selinux and buildah for darwin compilation 
Signed-off-by: baude <bbaude@redhat.com>

Closes: #1037
Approved by: baude
 2018-07-02 20:39:16 +00:00
Daniel J Walsh
3a471c7161 Vendor in go-selinux again 
Baude found an error in non linux bindings.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2018-06-26 14:21:41 -04:00
Daniel J Walsh
56133f7263 Update the vendoring of github.com/opencontainers/selinux 
THis should make libpod easier to build on non linux platforms.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1000
Approved by: mheon
 2018-06-26 16:21:54 +00:00
Daniel J Walsh
aa1ccfb094 Vendor in latest go-selinux 
This should fix the issue with iptables being denied execution on
container cleanup

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #966
Approved by: mheon
 2018-06-19 15:09:09 +00:00
Matthew Heon
a031b83a09 Initial checkin from CRI-O repo 
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
 2017-11-01 11:24:59 -04:00