opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-11-01 02:42:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
podman/docs/source/markdown/options/security-opt.image.md
Giuseppe Scrivano 77847bd67a docs: make --seccomp=profile.json clearer 
There are not only allowed syscalls, also blocked ones or handled
differently.

[CI:DOCS]

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-02-07 13:16:35 +01:00

1016 B
Raw Blame History

####> This option file is used in: ####> podman build, farm build ####> If file is edited, make sure the changes ####> are applicable to all of those.

--security-opt=option

Security Options

  • apparmor=unconfined : Turn off apparmor confinement for the container

  • apparmor=alternate-profile : Set the apparmor confinement profile for the container

  • label=user:USER : Set the label user for the container processes

  • label=role:ROLE : Set the label role for the container processes

  • label=type:TYPE : Set the label process type for the container processes

  • label=level:LEVEL : Set the label level for the container processes

  • label=filetype:TYPE : Set the label file type for the container files

  • label=disable : Turn off label separation for the container

  • no-new-privileges : Not supported

  • seccomp=unconfined : Turn off seccomp confinement for the container

  • seccomp=profile.json : JSON file to be used as the seccomp filter for the container.