moby--moby/daemon
Sebastiaan van Stijn 68e96f88ee
Fix daemon.json and daemon --seccomp-profile not accepting "unconfined"
Commit b237189e6c implemented an option to
set the default seccomp profile in the daemon configuration. When that PR
was reviewed, it was discussed to have the option accept the path to a custom
profile JSON file; https://github.com/moby/moby/pull/26276#issuecomment-253546966

However, in the implementation, the special "unconfined" value was not taken into
account. The "unconfined" value is meant to disable seccomp (more factually:
run with an empty profile).

While it's likely possible to achieve this by creating a file with an empty
(`{}`) profile, and passing the path to that file, it's inconsistent with the
`--security-opt seccomp=unconfined` option on `docker run` and `docker create`,
which is both confusing, and makes it harder to use (especially on Docker Desktop,
where there's no direct access to the VM's filesystem).

This patch adds the missing check for the special "unconfined" value.

Co-authored-by: Tianon Gravi <admwiggin@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-07 15:40:45 +02:00
..
cluster Merge pull request #42193 from lzhfromustc/3_23 2021-07-28 15:25:37 -07:00
config daemon/config: rename the default seccomp profile to "builtin" 2021-08-07 15:37:03 +02:00
discovery bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
events daemon: normalize comment formatting 2019-11-27 15:43:53 +01:00
exec Handle blocked I/O of exec'd processes 2019-06-21 12:02:15 -04:00
graphdriver Merge pull request #42193 from lzhfromustc/3_23 2021-07-28 15:25:37 -07:00
images fix a typo 2021-07-25 00:33:59 +08:00
initlayer
links daemon: normalize comment formatting 2019-11-27 15:43:53 +01:00
listeners daemon/listeners: use pkg/errors 2020-09-14 14:50:54 +02:00
logger Merge pull request #42132 from xia-wu/add-create-log-stream 2021-07-19 16:42:36 +02:00
names
network Move HostGatewayName const to opts, and change vars to consts 2020-10-30 21:17:34 +01:00
stats daemon/stats: fix notRunningErr / notFoundErr detected as unused (false positive) 2021-06-10 13:03:34 +02:00
testdata
apparmor_default.go Use containerd's apparmor package to detect if apparmor can be used 2021-04-08 20:22:08 +02:00
apparmor_default_unsupported.go buildkit: Apply apparmor profile 2021-02-02 13:32:24 +01:00
archive.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
archive_tarcopyoptions.go
archive_tarcopyoptions_unix.go
archive_tarcopyoptions_windows.go
archive_unix.go volume/mounts: remove "containerOS" argument from NewParser (LCOW code) 2021-07-02 13:51:55 +02:00
archive_windows.go
attach.go Replace errors.Cause() with errors.Is() / errors.As() 2020-04-29 00:28:41 +02:00
auth.go
changes.go daemon: add "isWindows" const 2019-10-17 23:49:43 +02:00
checkpoint.go daemon/checkpoint: rm extra checks 2019-09-18 12:57:22 +02:00
cluster.go Fix libnetwork imports 2021-06-01 21:51:23 +00:00
commit.go daemon: add "isWindows" const 2019-10-17 23:49:43 +02:00
configs.go
configs_linux.go
configs_unsupported.go
configs_windows.go
container.go Merge pull request #42616 from thaJeztah/migrate_pkg_signal 2021-07-26 10:47:28 -07:00
container_linux.go daemon: fix capitalization of some functions 2020-04-14 17:22:19 +02:00
container_operations.go Fixup libnetwork lint errors 2021-06-01 23:48:32 +00:00
container_operations_unix.go Fixup libnetwork lint errors 2021-06-01 23:48:32 +00:00
container_operations_windows.go Fixup libnetwork lint errors 2021-06-01 23:48:32 +00:00
container_unix_test.go Merge pull request #42618 from thaJeztah/remove_common_unix_config 2021-08-03 16:52:10 +02:00
container_windows.go daemon: fix capitalization of some functions 2020-04-14 17:22:19 +02:00
content.go Store image manifests in containerd content store 2020-11-05 20:02:18 +00:00
create.go daemon, oci: remove LCOW bits 2021-07-27 13:35:59 +02:00
create_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
create_unix.go Check tmpfs mounts before create anon volume 2020-02-04 10:12:05 -08:00
create_windows.go daemon, oci: remove LCOW bits 2021-07-27 13:35:59 +02:00
daemon.go pkg/sysinfo.New(), daemon.RawSysInfo(): remove "quiet" argument 2021-07-14 23:10:07 +02:00
daemon_linux.go Fix libnetwork imports 2021-06-01 21:51:23 +00:00
daemon_linux_test.go volume/mounts: remove "containerOS" argument from NewParser (LCOW code) 2021-07-02 13:51:55 +02:00
daemon_test.go volume/mounts: remove "containerOS" argument from NewParser (LCOW code) 2021-07-02 13:51:55 +02:00
daemon_unix.go Fix daemon.json and daemon --seccomp-profile not accepting "unconfined" 2021-08-07 15:40:45 +02:00
daemon_unix_test.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
daemon_unsupported.go pkg/sysinfo.New(), daemon.RawSysInfo(): remove "quiet" argument 2021-07-14 23:10:07 +02:00
daemon_windows.go daemon, oci: remove LCOW bits 2021-07-27 13:35:59 +02:00
daemon_windows_test.go
debugtrap_unix.go pkg/signal: move signal.DumpStacks() to a separate package 2021-07-15 18:09:43 +02:00
debugtrap_unsupported.go daemon: rename all receivers to "daemon" 2020-04-14 17:22:21 +02:00
debugtrap_windows.go pkg/signal: move signal.DumpStacks() to a separate package 2021-07-15 18:09:43 +02:00
delete.go vendor: opencontainers/selinux v1.8.0, and remove selinux build-tag and stubs 2020-12-24 00:47:16 +01:00
delete_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
dependency.go
devices_linux.go
disk_usage.go daemon: paralellize disk usage computations 2021-08-05 14:42:31 +02:00
errors.go Error string match: do not match command path 2021-04-14 23:03:18 +00:00
events.go Fix libnetwork imports 2021-06-01 21:51:23 +00:00
events_test.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
exec.go replace pkg/signal with moby/sys/signal v0.5.0 2021-07-23 09:32:54 +02:00
exec_linux.go Use containerd's apparmor package to detect if apparmor can be used 2021-04-08 20:22:08 +02:00
exec_linux_test.go Fix panic in TestExecSetPlatformOpt, TestExecSetPlatformOptPrivileged 2021-04-23 00:39:39 +02:00
exec_windows.go
export.go remove layerstore indexing by OS (used for LCOW) 2021-06-10 17:49:11 +02:00
health.go daemon: rename all receivers to "daemon" 2020-04-14 17:22:21 +02:00
health_test.go daemon: suppress logs in unit tests 2019-10-18 00:57:56 +02:00
info.go Add const for "unconfined" and default seccomp profiles 2021-08-07 15:36:06 +02:00
info_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
info_unix.go Move cgroup v2 out of experimental 2021-02-16 17:54:28 +09:00
info_unix_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
info_windows.go
inspect.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
inspect_linux.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
inspect_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
inspect_windows.go
keys.go daemon: un-export ModifyRootKeyLimit() 2021-05-31 19:06:14 +02:00
keys_unsupported.go daemon: un-export ModifyRootKeyLimit() 2021-05-31 19:06:14 +02:00
kill.go replace pkg/signal with moby/sys/signal v0.5.0 2021-07-23 09:32:54 +02:00
licensing.go
licensing_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
links.go
list.go daemon: var-declaration: should omit type bool (revive) 2021-06-10 13:03:45 +02:00
list_test.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
list_unix.go
list_windows.go
logdrivers_linux.go Support configuration of log cacher. 2020-02-19 17:02:34 -05:00
logdrivers_windows.go Support configuration of log cacher. 2020-02-19 17:02:34 -05:00
logs.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
logs_test.go
metrics.go daemon: rename all receivers to "daemon" 2020-04-14 17:22:21 +02:00
metrics_unix.go Do not require "experimental" for metrics API 2020-04-20 22:19:00 +02:00
metrics_unsupported.go
monitor.go Move container exit state to after cleanup. 2021-01-28 11:28:41 -08:00
mounts.go
names.go Entropy cannot be saved 2019-06-07 11:54:45 +01:00
network.go reformat "nolint" comments 2021-06-10 13:03:42 +02:00
network_windows.go Fix libnetwork imports 2021-06-01 21:51:23 +00:00
nvidia_linux.go goimports: fix imports 2019-09-18 12:56:54 +02:00
oci_linux.go Merge pull request #42520 from thaJeztah/remove_lcow_step5_alternative 2021-07-26 10:24:52 -07:00
oci_linux_test.go Fixup libnetwork lint errors 2021-06-01 23:48:32 +00:00
oci_utils.go goimports: fix imports 2019-09-18 12:56:54 +02:00
oci_windows.go daemon, oci: remove LCOW bits 2021-07-27 13:35:59 +02:00
oci_windows_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
pause.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
prune.go Fixup libnetwork lint errors 2021-06-01 23:48:32 +00:00
reload.go Adding ability to change max download attempts 2019-09-19 13:51:40 +02:00
reload_test.go Fixup libnetwork lint errors 2021-06-01 23:48:32 +00:00
reload_unix.go daemon: move DefaultShimBinary, DefaultRuntimeBinary to config package 2021-05-31 19:06:16 +02:00
reload_windows.go
rename.go Fix libnetwork imports 2021-06-01 21:51:23 +00:00
resize.go Merge pull request #38522 from cpuguy83/fix_timers 2019-06-07 13:16:46 +02:00
resize_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
restart.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
runtime_unix.go Add shim config for custom runtimes for plugins 2021-01-14 19:28:28 +00:00
runtime_windows.go Add shim config for custom runtimes for plugins 2021-01-14 19:28:28 +00:00
seccomp_disabled.go Add const for "unconfined" and default seccomp profiles 2021-08-07 15:36:06 +02:00
seccomp_linux.go Fix daemon.json and daemon --seccomp-profile not accepting "unconfined" 2021-08-07 15:40:45 +02:00
seccomp_linux_test.go Add const for "unconfined" and default seccomp profiles 2021-08-07 15:36:06 +02:00
seccomp_unsupported.go daemon: make supportsSeccomp a const 2019-10-13 19:16:31 +02:00
secrets.go
secrets_linux.go
secrets_unsupported.go
secrets_windows.go
start.go volume/mounts: remove "containerOS" argument from NewParser (LCOW code) 2021-07-02 13:51:55 +02:00
start_unix.go Add shim config for custom runtimes for plugins 2021-01-14 19:28:28 +00:00
start_windows.go libcontainerd: remove LCOW bits 2021-06-09 22:05:10 +02:00
stats.go Merge pull request #40478 from cpuguy83/dont-prime-the-stats 2020-04-16 20:57:06 +02:00
stats_collector.go
stats_unix.go
stats_windows.go
stop.go Fix log statement 'failed to exit' timeout accuracy 2021-06-08 13:37:58 -07:00
top_unix.go reformat "nolint" comments 2021-06-10 13:03:42 +02:00
top_unix_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
top_windows.go goimports: fix imports 2019-09-18 12:56:54 +02:00
trustkey.go Allow system.MkDirAll() to be used as drop-in for os.MkDirAll() 2019-08-08 15:05:49 +02:00
trustkey_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
unpause.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
update.go volume/mounts: remove "containerOS" argument from NewParser (LCOW code) 2021-07-02 13:51:55 +02:00
update_linux.go goimports: fix imports 2019-09-18 12:56:54 +02:00
update_windows.go
util_test.go Configure shims from runtime config 2020-07-13 14:18:02 -07:00
volumes.go volume/mounts: remove "containerOS" argument from NewParser (LCOW code) 2021-07-02 13:51:55 +02:00
volumes_linux.go
volumes_linux_test.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
volumes_unit_test.go volume/mounts: remove "containerOS" argument from NewParser (LCOW code) 2021-07-02 13:51:55 +02:00
volumes_unix.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
volumes_unix_test.go staticcheck: SA4001: &*x will be simplified to x. It will not copy x 2021-06-10 13:03:25 +02:00
volumes_windows.go
wait.go
workdir.go