We use cookies to ensure you get the best experience on our website
Home Esplora Aiuto
Registrati Accedi
0ct0pu5
/
moby
1
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Sfoglia il codice sorgente

Merge pull request #21286 from rhatdan/seccomp-man

Fix documentation on --security-opt seccomp
David Calavera 9 anni fa
parent
9d62c11ab5 450fa7536e
commit
b4da157846
3 ha cambiato i file con 15 aggiunte e 0 eliminazioni
Visualizzazione unificata Mostra Diff Stats
  1. 3 0
      docs/reference/run.md
  2. 9 0
      man/docker-create.1.md
  3. 3 0
      man/docker-run.1.md

+ 3 - 0
docs/reference/run.md
Vedi File 

@@ -608,6 +608,9 @@ with the same logic -- if the original volume was specified with a name it will
 
                                          to the container
 
                                          to the container
 
     --security-opt="no-new-privileges" : Disable container processes from gaining
 
     --security-opt="no-new-privileges" : Disable container processes from gaining
 
                                          new privileges
 
                                          new privileges
 
+    --security-opt="seccomp:unconfined": Turn off seccomp confinement for the container
 
+    --security-opt="seccomp:profile.json: White listed syscalls seccomp Json file to be used as a seccomp filter
 
+
 
 
 
 You can override the default labeling scheme for each container by specifying
 
 You can override the default labeling scheme for each container by specifying
 
 the `--security-opt` flag. For example, you can specify the MCS/MLS level, a
 
 the `--security-opt` flag. For example, you can specify the MCS/MLS level, a

+ 9 - 0
man/docker-create.1.md
Vedi File 

@@ -316,6 +316,15 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
 
 **--security-opt**=[]
 
 **--security-opt**=[]
 
    Security Options
 
    Security Options
 
 
 
+   "label:user:USER"   : Set the label user for the container
 
+    "label:role:ROLE"   : Set the label role for the container
 
+    "label:type:TYPE"   : Set the label type for the container
 
+    "label:level:LEVEL" : Set the label level for the container
 
+    "label:disable"     : Turn off label confinement for the container
 
+    "no-new-privileges" : Disable container processes from gaining additional privileges
 
+    "seccomp:unconfined" : Turn off seccomp confinement for the container
 
+    "seccomp:profile.json :  White listed syscalls seccomp Json file to be used as a seccomp filter
 
+
 
 **--stop-signal**=*SIGTERM*
 
 **--stop-signal**=*SIGTERM*
 
   Signal to stop a container. Default is SIGTERM.
 
   Signal to stop a container. Default is SIGTERM.

+ 3 - 0
man/docker-run.1.md
Vedi File 

@@ -468,8 +468,11 @@ its root filesystem mounted as read only prohibiting any writes.
 
     "label:type:TYPE"   : Set the label type for the container
 
     "label:type:TYPE"   : Set the label type for the container
 
     "label:level:LEVEL" : Set the label level for the container
 
     "label:level:LEVEL" : Set the label level for the container
 
     "label:disable"     : Turn off label confinement for the container
 
     "label:disable"     : Turn off label confinement for the container
 
+
 
     "no-new-privileges" : Disable container processes from gaining additional privileges
 
     "no-new-privileges" : Disable container processes from gaining additional privileges
 
 
 
+    "seccomp:unconfined" : Turn off seccomp confinement for the container
 
+    "seccomp:profile.json :  White listed syscalls seccomp Json file to be used as a seccomp filter
 
 
 
 **--stop-signal**=*SIGTERM*
 
 **--stop-signal**=*SIGTERM*
 
   Signal to stop a container. Default is SIGTERM.
 
   Signal to stop a container. Default is SIGTERM.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5