kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity
moby--moby/hack/make
History
Eric Windisch 80d99236c1 Move AppArmor policy to contrib & deb packaging 
The automatic installation of AppArmor policies prevents the
management of custom, site-specific apparmor policies for the
default container profile. Furthermore, this change will allow
a future policy for the engine itself to be written without demanding
the engine be able to arbitrarily create and manage AppArmor policies.

- Add deb package suggests for apparmor.
- Ubuntu postinst use aa-status & fix policy path
- Add the policies to the debian packages.
- Add apparmor tests for writing proc files
Additional restrictions against modifying files in proc
are enforced by AppArmor. Ensure that AppArmor is preventing
access to these files, not simply Docker's configuration of proc.
- Remove /proc/k?mem from AA policy
The path to mem and kmem are in /dev, not /proc
and cannot be restricted successfully through AppArmor.
The device cgroup will need to be sufficient here.
- Load contrib/apparmor during integration tests
Note that this is somewhat dirty because we
cannot restore the host to its original configuration.
However, it should be noted that prior to this patch
series, the Docker daemon itself was loading apparmor
policy from within the tests, so this is no dirtier or
uglier than the status-quo.

Signed-off-by: Eric Windisch <eric@windisch.us>
2015-07-21 11:05:53 -04:00
..
.build-deb Move AppArmor policy to contrib & deb packaging 2015-07-21 11:05:53 -04:00
.build-rpm Remove specific dependencies and let RPM auto-generate the dependencies on libraries during build. 2015-07-08 15:30:42 +10:00
.resources-windows Windows: Build docker.exe manifested and with icon 2015-06-04 11:49:10 -07:00
.dockerinit hack/make/test-integration-cli: introduce MAKEDIR variable 2015-04-15 10:44:14 +02:00
.dockerinit-gccgo Merge pull request #12376 from Mic92/refactor-hack 2015-04-22 12:12:44 -07:00
.ensure-emptyfs Move scripts back to hack/, leave docs in project/ 2015-03-13 14:04:08 -06:00
.ensure-frozen-images add unshare apparmor profile test 2015-05-20 14:06:00 -07:00
.ensure-httpserver Move scripts back to hack/, leave docs in project/ 2015-03-13 14:04:08 -06:00
.go-autogen Add branch and build time to version 2015-06-22 13:00:27 -07:00
.go-compile-test-dir Move scripts back to hack/, leave docs in project/ 2015-03-13 14:04:08 -06:00
.integration-daemon-setup hack: explicit bundles for integration-cli prequisites 2015-06-09 07:22:26 +02:00
.integration-daemon-start Move AppArmor policy to contrib & deb packaging 2015-07-21 11:05:53 -04:00
.integration-daemon-stop Check for apparmor file before reading it 2015-06-17 11:58:17 -05:00
.validate .: remove trailing white spaces 2015-03-25 13:38:17 -04:00
binary Make "DEST" a make.sh construct instead of ad-hoc 2015-05-30 11:16:43 -07:00
build-deb Moving man pages out of docs 2015-06-10 13:43:35 -07:00
build-rpm Moving man pages out of docs 2015-06-10 13:43:35 -07:00
cover Make "DEST" a make.sh construct instead of ad-hoc 2015-05-30 11:16:43 -07:00
cross Make "DEST" a make.sh construct instead of ad-hoc 2015-05-30 11:16:43 -07:00
dynbinary Make "DEST" a make.sh construct instead of ad-hoc 2015-05-30 11:16:43 -07:00
dyngccgo Make "DEST" a make.sh construct instead of ad-hoc 2015-05-30 11:16:43 -07:00
gccgo Make "DEST" a make.sh construct instead of ad-hoc 2015-05-30 11:16:43 -07:00
README.md Move scripts back to hack/, leave docs in project/ 2015-03-13 14:04:08 -06:00
release-deb Add release-deb & release-rpm scripts. 2015-07-15 15:54:00 -07:00
release-rpm Add release-deb & release-rpm scripts. 2015-07-15 15:54:00 -07:00
sign-repos Add release-deb & release-rpm scripts. 2015-07-15 15:54:00 -07:00
test-docker-py hack: explicit bundles for integration-cli prequisites 2015-06-09 07:22:26 +02:00
test-integration-cli Remove timer and use -check.v for tests formatting 2015-06-18 14:22:40 -07:00
test-unit Make "DEST" a make.sh construct instead of ad-hoc 2015-05-30 11:16:43 -07:00
tgz Make "DEST" a make.sh construct instead of ad-hoc 2015-05-30 11:16:43 -07:00
ubuntu Move AppArmor policy to contrib & deb packaging 2015-07-21 11:05:53 -04:00
validate-dco hack/make/test-integration-cli: introduce MAKEDIR variable 2015-04-15 10:44:14 +02:00
validate-gofmt hack/make/test-integration-cli: introduce MAKEDIR variable 2015-04-15 10:44:14 +02:00
validate-pkg Add new "validate-pkg" bundlescript 2015-06-12 12:28:23 -07:00
validate-test Validate we're not using the old testing stuff 2015-04-23 10:29:47 -07:00
validate-toml hack/make/test-integration-cli: introduce MAKEDIR variable 2015-04-15 10:44:14 +02:00
validate-vet hack/make/test-integration-cli: introduce MAKEDIR variable 2015-04-15 10:44:14 +02:00

README.md

This directory holds scripts called by make.sh in the parent directory.

Each script is named after the bundle it creates. They should not be called directly - instead, pass it as argument to make.sh, for example:

./hack/make.sh test
./hack/make.sh binary ubuntu

# Or to run all bundles:
./hack/make.sh

To add a bundle:

  • Create a shell-compatible file here
  • Add it to $DEFAULT_BUNDLES in make.sh