e1445dff12
These syscalls (some of which have been in Linux for a while but were missing from the profile) fall into a few buckets: * close_range(2), epoll_wait2(2) are just extensions of existing "safe for everyone" syscalls. * The mountv2 API syscalls (fs*(2), move_mount(2), open_tree(2)) are all equivalent to aspects of mount(2) and thus go into the CAP_SYS_ADMIN category. * process_madvise(2) is similar to the other process_*(2) syscalls and thus goes in the CAP_SYS_PTRACE category. Co-authored-by: Aleksa Sarai <asarai@suse.de> Signed-off-by: Sebastiaan van Stijn <github@gone.nl> |
||
|---|---|---|
| .. | ||
| ansible | ||
| apparmor | ||
| autocomplete | ||
| aws | ||
| gce | ||
| linuxkit | ||
| nvidia | ||
| seccomp | ||
| snapshotservice | ||
| Dockerfile.test | ||
| README.md | ||
contrib
The contrib directory contains packages that do not belong in the core containerd packages but still contribute to overall containerd usability.
Package such as Apparmor or Selinux are placed in contrib because they are platform dependent and often require higher level tools and profiles to work.
Packaging and other built tools can be added to contrib to aid in packaging containerd for various distributions.
Testing
Code in the contrib directory may or may not have been tested in the normal test pipeline for core components.