mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
87376c3add
By using the 'unconfined' policy for privileged containers, we have inherited the host's apparmor policies, which really make no sense in the context of the container's filesystem. For instance, policies written against the paths of binaries such as '/usr/sbin/tcpdump' can be easily circumvented by moving the binary within the container filesystem. Fixes GH#5490 Signed-off-by: Eric Windisch <eric@windisch.us> |
||
|---|---|---|
| .. | ||
| apparmor | ||
| builder | ||
| completion | ||
| desktop-integration | ||
| docker-device-tool | ||
| host-integration | ||
| httpserver | ||
| init | ||
| mkimage | ||
| reprepro | ||
| syntax | ||
| udev | ||
| vagrant-docker | ||
| check-config.sh | ||
| dockerize-disk.sh | ||
| download-frozen-image.sh | ||
| mkimage-alpine.sh | ||
| mkimage-arch-pacman.conf | ||
| mkimage-arch.sh | ||
| mkimage-busybox.sh | ||
| mkimage-crux.sh | ||
| mkimage-debootstrap.sh | ||
| mkimage-rinse.sh | ||
| mkimage-yum.sh | ||
| mkimage.sh | ||
| mkseccomp.pl | ||
| mkseccomp.sample | ||
| nuke-graph-directory.sh | ||
| project-stats.sh | ||
| README | ||
| report-issue.sh | ||
| REVIEWERS | ||
The `contrib` directory contains scripts, images, and other helpful things which are not part of the core docker distribution. Please note that they could be out of date, since they do not receive the same attention as the rest of the repository.