mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
39dae54a3f
Wraps the engine itself with an AppArmor policy. This restricts what may be done by applications we call out to, such as 'xz'. Significantly, this policy also restricts the policies to which a container may be spawned into. By default, users will be able to transition to an unconfined policy or any policy prefaced with 'docker-'. Local operators may add new local policies prefaced with 'docker-' without needing to modify this policy. Operators choosing to disable privileged containers will need to modify this policy to remove access to change_policy to unconfined. Signed-off-by: Eric Windisch <eric@windisch.us> |
||
|---|---|---|
| .. | ||
| .build-deb | ||
| .build-rpm | ||
| .resources-windows | ||
| .dockerinit | ||
| .dockerinit-gccgo | ||
| .ensure-emptyfs | ||
| .ensure-frozen-images | ||
| .ensure-httpserver | ||
| .go-autogen | ||
| .go-compile-test-dir | ||
| .integration-daemon-setup | ||
| .integration-daemon-start | ||
| .integration-daemon-stop | ||
| .validate | ||
| binary | ||
| build-deb | ||
| build-rpm | ||
| cover | ||
| cross | ||
| dynbinary | ||
| dyngccgo | ||
| gccgo | ||
| README.md | ||
| release-deb | ||
| release-rpm | ||
| sign-repos | ||
| test-docker-py | ||
| test-integration-cli | ||
| test-unit | ||
| tgz | ||
| ubuntu | ||
| validate-dco | ||
| validate-gofmt | ||
| validate-lint | ||
| validate-pkg | ||
| validate-test | ||
| validate-toml | ||
| validate-vet | ||
This directory holds scripts called by make.sh in the parent directory.
Each script is named after the bundle it creates. They should not be called directly - instead, pass it as argument to make.sh, for example:
./hack/make.sh test
./hack/make.sh binary ubuntu
# Or to run all bundles:
./hack/make.sh
To add a bundle:
- Create a shell-compatible file here
- Add it to $DEFAULT_BUNDLES in make.sh