mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Commit graph

81 commits

Author SHA1 Message Date
Sebastiaan van Stijn
d93a62e9be Merge pull request from YuPengZTE/dev
The etc and dot is separated
2016-09-17 03:37:00 +02:00
Akihiro Suda
693b4ac67a apparmor: prohibit /sys/firmware/** from being accessed
Some firmware information including SMBIOS and ACPI tables were unexpectedly exposed

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2016-09-16 02:21:31 +00:00
lixiaobing10051267
7b73b5fd6a fix some incorrect symbols before executing command
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2016-09-14 22:28:09 +08:00
Riyaz Faizullabhoy
40f823ccd8 Use latest version of notary server in trust sandbox docs
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-09-12 09:42:12 -07:00
YuPengZTE
bd914ff5a3 The etc and dot is separated
Signed-off-by: YuPengZTE <yu.peng36@zte.com.cn>
2016-09-07 09:02:16 +08:00
Antonio Murdaca
5ff21add06 New seccomp format
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-01 11:53:07 +02:00
yuexiao-wang
530668cb22 Replace docker command from 'docker daemon' to 'dockerd'
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-08-25 17:04:44 +08:00
Sebastiaan van Stijn
75e60fbe09 Fix capitalization
Signed-off-by: YuPengZTE <yu.peng36@zte.com.cn>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-08-15 14:14:41 +02:00
Charles Smith
cc5debcb2e add overlay networking security model node
Signed-off-by: Charles Smith <charles.smith@docker.com>
2016-08-12 13:17:24 -07:00
Michael Friis
9c37bf9f1f update intro to say there are four things to consider
Signed-off-by: Michael Friis <friism@gmail.com>
2016-08-10 08:45:24 -07:00
Avi Vaid
570bad1974 minor nit typo in opensl(openssl) genrsa -out delegation.key 2048
Signed-off-by: Avi Vaid <avaid1996@gmail.com>
2016-08-04 15:07:20 -07:00
Sebastiaan van Stijn
d7c9c85e30 Merge pull request from lixiaobing10051267/masterParentheses
A parenthesis omitted in Seccomp.md
2016-08-02 12:27:19 +02:00
lixiaobing10051267
227cae6680 A parenthesis omitted in Seccomp.md
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2016-08-02 12:24:15 +08:00
Jess Frazelle
6837cfc13c update non-events
Signed-off-by: Jess Frazelle <jessfraz@google.com>
2016-07-27 19:21:16 -04:00
Tonis Tiigi
f17469e890 Update docker load security docs
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-07-18 19:16:15 -07:00
Sebastiaan van Stijn
0e7a1079be Fix some broken sourceforge.net links
Looks like there's issues with sourceforge project
pages. Given that sourceforge isn't really what
it used to be, trying to find alternative URLs
where possible.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-07-12 21:51:14 +02:00
Mansi Nahar
82d70f4409 Change content-trust doc to not point to images that don't exist
Signed-off-by: Mansi Nahar <mmn4185@rit.edu>
2016-07-11 12:41:03 -04:00
cyli
ba115b0a91 Update content trust docs to reflect latest notary compose file changes, and to simplify
the instructions by providing a single compose file that runs the notary server, registry,
and a docker-in-docker trust sandbox.

Signed-off-by: cyli <cyli@twistedmatrix.com>
2016-06-13 12:57:06 -07:00
Sebastiaan van Stijn
5b1060c775 Merge pull request from riyazdf/notary-delegation-env
Add link to notary environment vars from docker trust automation section
2016-06-09 00:09:28 +02:00
Riyaz Faizullabhoy
8d72ff3f5e Add link to notary environment vars from docker trust automation section
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-06-07 14:03:56 -07:00
allencloud
c1be45fa38 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-06-02 17:17:22 +08:00
Alexander Morozov
c95f1fcbd9 Merge pull request from cyli/bump-notary-version
Bump notary version up to 0.3.0 and re-vendor.
2016-05-12 14:38:07 -07:00
Vincent Demeester
475c37dd66 Merge pull request from allencloud/fix-typos-in-docs
docs: correct some typos
2016-05-12 14:35:39 +02:00
Vincent Demeester
edf5e097a2 Merge pull request from haoshuwei/fix-docs-securitymd
Fixing security.md
2016-05-12 14:35:21 +02:00
allencloud
57e2a82355 fix typos in docs
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-05-12 18:38:02 +08:00
Sebastiaan van Stijn
067e54eeac docs: update menu order in security section
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-05-12 11:19:53 +02:00
Sebastiaan van Stijn
a14e85c40d Merge pull request from jfrazelle/docs-add-security-non-events
docs: add security non-events
2016-05-12 11:17:47 +02:00
Hao Shu Wei
73d96a6b17 Fixing security.md
Signed-off-by: Hao Shu Wei <haoshuwei1989@163.com>
2016-05-12 16:52:03 +08:00
cyli
6094be63ac Bump notary version up to 0.3.0 and re-vendor.
Signed-off-by: cyli <cyli@twistedmatrix.com>
2016-05-11 22:57:51 -07:00
Sebastiaan van Stijn
2cddd1cd1f docs: update seccomp whitelist
the 'modify_ldt' was listed as "blocked by default",
but was whitelisted in 13a9d4e899

this updates the documentation to reflect this

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-05-11 18:45:27 +02:00
Jess Frazelle
6f06e98f57 docs: add security non-events
Signed-off-by: Jess Frazelle <jess@mesosphere.com>
Signed-off-by: Jess Frazelle <me@jessfraz.com>
2016-05-09 09:35:19 -07:00
Vincent Demeester
1c1947dd29 Merge pull request from wenchma/dockerd
Update the `docker daemon` to `dockerd` for document
2016-05-04 15:07:53 +02:00
Wen Cheng Ma
24ec73f754 Update the docker daemon to dockerd for document
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2016-04-29 09:06:02 +08:00
Antonio Murdaca
09021d6841 Merge pull request from cpuguy83/seccomp_for_centos
centos:7/oraclelinux:7 now includes libseccomp 2.2.1
2016-04-28 12:26:22 +02:00
Riyaz Faizullabhoy
77da3bcb72 Update DCT docs with 1.11 info, fix typos
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-27 09:57:54 -07:00
Brian Goff
1521a41fc5 centos:7/OL:7 now includes libseccomp 2.2.1
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-04-26 20:48:26 -04:00
Thomas Grainger
ea8f9c9723 Fix security documentation, XSS -> CSRF
Signed-off-by: Thomas Grainger <tagrain@gmail.com>
2016-04-15 11:29:37 +01:00
Jess Frazelle
80d63e2e11 Add example to apparmor docs
Signed-off-by: Jess Frazelle <jess@mesosphere.com>
2016-04-14 10:59:47 -07:00
Tibor Vass
3ce494f48c Merge pull request from mlaventure/containerd-docs-cleanup
Remove unneeded references to execDriver
2016-03-22 19:40:27 -04:00
Kenfe-Mickael Laventure
8af4f89cba Remove unneeded references to execDriver
This includes:
 - updating the docs
 - removing dangling variables

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-03-21 13:06:08 -07:00
cyli
88d73ebff4 Include documentation on how to add the targets/releases delegation to a repo
Signed-off-by: cyli <cyli@twistedmatrix.com>
2016-03-21 12:06:10 -07:00
Jess Frazelle
06e98f0a5c Merge pull request from calavera/consolidate_security_opts_format
Consolidate security options to use `=` as separator.
2016-03-18 16:02:38 -07:00
Yong Tang
3c6aa163a3 Fix several typos in the documentation.
This pull request fixes several typos in the documentation.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-03-17 18:29:35 +00:00
David Calavera
cb9aeb0413 Consolidate security options to use = as separator.
All other options we have use `=` as separator, labels,
log configurations, graph configurations and so on.
We should be consistent and use `=` for the security
options too.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-17 13:34:42 -04:00
David Calavera
553ffa7fd7 Merge pull request from WeiZhang555/typo
Fix typo
2016-03-17 08:20:26 -07:00
Zhang Wei
ca64269165 Fix typo
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-03-17 16:13:51 +08:00
Justin Cormack
96896f2d0b Add new syscalls in libseccomp 2.3.0 to seccomp default profile
This adds the following new syscalls that are supported in libseccomp 2.3.0,
including calls added up to kernel 4.5-rc4:
mlock2 - same as mlock but with a flag
copy_file_range - copy file contents, like splice but with reflink support.

The following are not added, and mentioned in docs:
userfaultfd - userspace page fault handling, mainly designed for process migration

The following are not added, only apply to less common architectures:
switch_endian
membarrier
breakpoint
set_tls
I plan to review the other architectures, some of which can now have seccomp
enabled in the build as they are now supported.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-03-16 21:17:32 +00:00
Justin Cormack
5abd881883 Allow restart_syscall in default seccomp profile
Fixes 

This syscall was blocked as there was some concern that it could be
used to bypass filtering of other syscall arguments. However none of the
potential syscalls where this could be an issue (poll, nanosleep,
clock_nanosleep, futex) are blocked in the default profile anyway.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-03-11 16:44:11 +00:00
Antonio Murdaca
dc0397c9a8 docs: security: seccomp: mention Docker needs seccomp build and check config
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-03-03 12:04:09 +01:00
Steven Iveson
244e5fc516 Update seccomp.md
Corrected titles to use title case. Added link to default.json and some numerical detail. Changed example JSON to a portion of the actual default file, with the correct defaultAction.

Signed-off-by: Steven Iveson <steven.iveson@infinityworks.com>
2016-02-29 16:32:45 +00:00