aboutsummaryrefslogtreecommitdiff
path: root/profiles
Commit message (Expand)AuthorAgeFilesLines
...
* profiles: Fix file permissions on json filesArnaud Rebillout2019-09-162-0/+0
* seccomp: whitelist io-uring related system callsyoucai2019-09-072-0/+6
* Add sigprocmask to default seccomp profileMichael Crosby2019-08-292-0/+2
* profiles/seccomp: improve profile conversionKir Kolyshkin2019-06-181-7/+5
* Merge pull request #39121 from goldwynr/masterSebastiaan van Stijn2019-06-111-1/+1
|\
| * apparmor: allow readby and tracedbyGoldwyn Rodrigues2019-04-221-1/+1
* | Fix seccomp profile for clone syscallSebastiaan van Stijn2019-06-043-5/+5
|/
* seccomp: whitelist io_pgetevents()Avi Kivity2019-03-182-0/+2
* seccomp: review updateTonis Tiigi2019-02-053-17/+18
* Merge pull request #38137 from tonistiigi/seccomp-ptraceJustin Cormack2019-02-053-1/+50
|\
| * seccomp: allow ptrace for 4.8+ kernelsTonis Tiigi2018-11-043-1/+50
* | Merge pull request #37831 from cyphar/apparmor-external-templatesVincent Demeester2018-11-192-0/+27
|\ \ | |/ |/|
| * apparmor: allow receiving of signals from 'docker kill'Aleksa Sarai2018-09-132-0/+27
* | Move the syslog syscall to be gated by CAP_SYS_ADMIN or CAP_SYSLOGJustin Cormack2018-09-272-2/+26
* | Whitelist syscalls linked to CAP_SYS_NICE in default seccomp profileNicolas V Castet2018-06-202-0/+28
|/
* If container will run as non root user, drop permitted, effective caps earlyJustin Cormack2018-03-191-2/+2
* Whitelist statx syscall for libseccomp-2.3.3 onwardNobodyOnSE2018-03-062-0/+2
* Add canonical import commentDaniel Nephin2018-02-056-6/+6
* Copy Inslice() to those parts that use itChao Wang2017-11-101-5/+15
* drop useless apparmor deniesTycho Andersen2017-10-061-2/+0
* Remove double defined alarmSimon Vikstrom2017-08-192-2/+0
* Merge pull request #34445 from pmoust/f-seccomp-quotaclYong Tang2017-08-092-0/+2
|\
| * seccomp: whitelist quotactl with CAP_SYS_ADMINPanagiotis Moustafellos2017-08-092-0/+2
* | Move pkg/templates awayVincent Demeester2017-08-081-2/+2
|/
* Remove unused importFlorin Patan2017-07-291-1/+0
* [project] change syscall to /x/sys/unix|windowsChristopher Jones2017-07-111-4/+3
* Whitelist adjtimex get operation. Adjustment operations are gated by CAP_SYS_...Miklos Szegedi2017-06-022-2/+2
* Revert "Block obsolete socket families in the default seccomp profile"Justin Cormack2017-05-092-364/+4
* Update moby to runc and oci 1.0 runtime final rcMichael Crosby2017-05-051-13/+13
* seccomp: Allow personality with UNAME26 bit set.Ian Campbell2017-05-022-0/+56
* profiles: seccomp: allow clock_settime when CAP_SYS_TIME is addedAntonio Murdaca2017-03-202-1/+3
* Seccomp UpdateJustin Cormack2017-03-072-0/+4
* profiles: seccomp: fix !seccomp buildAleksa Sarai2017-03-021-1/+1
* Allow sync_file_range2 on supported architectures.Gabriel Linder2017-02-142-0/+26
* Add two arm specific syscalls to seccomp profileJustin Cormack2017-01-292-0/+4
* Block obsolete socket families in the default seccomp profileJustin Cormack2017-01-172-4/+364
* Merge pull request #29314 from vdemeester/no-more-utilsSebastiaan van Stijn2016-12-221-1/+1
|\
| * Move templates to pkg/templatesVincent Demeester2016-12-121-1/+1
* | Get rid of err altogether by just returning the assignmentXianglin Gao2016-12-131-9/+2
* | Merge pull request #29130 from cyphar/29097-dynamically-reload-apparmorVictor Vieux2016-12-121-5/+11
|\ \ | |/ |/|
| * apparmor: switch IsLoaded to return boolAleksa Sarai2016-12-061-5/+11
* | Merge pull request #28924 from xlgao-zju/fix-apparmor-load-profileJustin Cormack2016-12-081-1/+1
|\ \ | |/ |/|
| * fix apparmor load profileXianglin Gao2016-11-291-1/+1
* | profiles/seccomp: fix commentAntonio Murdaca2016-11-251-1/+1
|/
* remove redundant file Closeallencloud2016-11-181-1/+0
* Fix apparmor profile installationChristopher Jones2016-09-291-2/+2
* apparmor: prohibit /sys/firmware/** from being accessedAkihiro Suda2016-09-161-1/+1
* apparmor: do not save profile to /etc/apparmor.dAleksa Sarai2016-09-131-10/+9
* Add engine-api types to dockerMichael Crosby2016-09-073-3/+3
* New seccomp formatAntonio Murdaca2016-09-015-3317/+1220
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 15:26:34 +0000