kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity
moby--moby/cmd/dockerd
History
Sebastiaan van Stijn 68e96f88ee
Fix daemon.json and daemon --seccomp-profile not accepting "unconfined" 
Commit b237189e6c implemented an option to
set the default seccomp profile in the daemon configuration. When that PR
was reviewed, it was discussed to have the option accept the path to a custom
profile JSON file; https://github.com/moby/moby/pull/26276#issuecomment-253546966

However, in the implementation, the special "unconfined" value was not taken into
account. The "unconfined" value is meant to disable seccomp (more factually:
run with an empty profile).

While it's likely possible to achieve this by creating a file with an an empty
(`{}`) profile, and passing the path to that file, it's inconsistent with the
`--security-opt seccomp=unconfined` option on `docker run` and `docker create`,
which is both confusing, and makes it harder to use (especially on Docker Desktop,
where there's no direct access to the VM's filesystem).

This patch adds the missing check for the special "unconfined" value.

Co-authored-by: Tianon Gravi <admwiggin@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-07 15:40:45 +02:00
..
trap pkg/signal: move Trap() to cmd/dockerd 2021-07-15 18:11:00 +02:00
config.go Unhide containerd-namespace flags 2020-11-05 12:14:01 -08:00
config_common_unix.go dockerd: fix rootless detection (alternative to #39024) 2019-04-25 16:47:01 +09:00
config_unix.go Fix daemon.json and daemon --seccomp-profile not accepting "unconfined" 2021-08-07 15:40:45 +02:00
config_unix_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
config_windows.go allow running dockerd in an unprivileged user namespace (rootless mode) 2019-02-04 00:24:27 +09:00
daemon.go Merge pull request #42641 from thaJeztah/make_signal_selfcontained 2021-07-19 14:46:15 -07:00
daemon_freebsd.go cmd/dockerd: sd_notify STOPPING=1 when shutting down 2020-12-22 10:51:17 +01:00
daemon_linux.go cmd/dockerd: sd_notify STOPPING=1 when shutting down 2020-12-22 10:51:17 +01:00
daemon_test.go Use designated test domains (RFC2606) in tests 2021-04-02 14:06:27 +02:00
daemon_unix.go Merge pull request #41656 from thaJeztah/unexport_things 2021-06-08 12:07:40 +09:00
daemon_unix_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
daemon_windows.go cmd/dockerd: sd_notify STOPPING=1 when shutting down 2020-12-22 10:51:17 +01:00
docker.go vendor: spf13/cobra v1.0.0 2020-05-08 10:44:36 +02:00
docker_unix.go Windows:Add ETW logging hook 2019-03-12 18:41:55 -07:00
docker_windows.go Windows:Add ETW logging hook 2019-03-12 18:41:55 -07:00
metrics.go Do not require "experimental" for metrics API 2020-04-20 22:19:00 +02:00
options.go Make validate flag description more generic 2021-06-24 15:43:28 +00:00
options_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
README.md
service_unsupported.go Split daemon service code to _windows file 2018-03-21 12:57:53 +01:00
service_windows.go Use hcsshim osversion package for Windows versions 2019-10-22 02:53:00 +02:00

README.md

docker.go contains Docker daemon's main function.

This file provides first line CLI argument parsing and environment variable setting.