Add security section #89
config-linux.md
Probably a good time to migrate these to the new Markdown paragraph format (#82).
|
On Thu, Jul 30, 2015 at 01:46:35PM -0700, Mrunal Patel wrote:
I think you meant opencontainers/runc#70. I realize this spec isn't going to be a tutorial on container For example, the ‘3’ value for the |
|
@wking Yeah, I will flesh out the Seccomp section some more. |
|
I like adding the AppArmor, SELinux, seccomp and capabilities stuff but I don't see any reason to group them in a security section. rlimits may be thought of as a security mechanism to avoid denial-of-service to the rest of the system, for example. |
d3c8ffc to 8d3488e
|
Got rid of the separate Security struct. |
|
Overall this change makes sense to me. |
config-linux.md
There are two seccomp.h headers that are visible to users. One is exported by the Linux kernel and the other is defined by libseccomp. I think we should mention libseccomp?
|
@lizf-os Updated to mention that we use the header from libseccomp. |
|
@mrunalp IIRC we also have |
|
@LK4D4 Yes, I think we should probably add that as well. I think I will do a follow-on PR for that. |
|
Overall looks fine. Rebase needed though. |
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
|
Rebased. |
|
LGTM |
|
LGTM |
This is WIP for adding security settings as discussed in the meeting.
The settings are based on security profiles in nsinit and Seccomp configuration in opencontainers/runc#70