0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
moby/contrib
History
Eric Windisch 87376c3add Introduce a dedicated unconfined AA policy 
By using the 'unconfined' policy for privileged
containers, we have inherited the host's apparmor
policies, which really make no sense in the
context of the container's filesystem.

For instance, policies written against
the paths of binaries such as '/usr/sbin/tcpdump'
can be easily circumvented by moving the binary
within the container filesystem.

Fixes GH#5490

Signed-off-by: Eric Windisch <eric@windisch.us>
2015-07-22 11:28:32 -04:00
..
apparmor Introduce a dedicated unconfined AA policy 2015-07-22 11:28:32 -04:00
builder Merge pull request #14609 from ewindisch/apparmor-policy 2015-07-21 08:48:02 -07:00
completion Merge pull request #14555 from sdurrheimer/master 2015-07-15 10:40:41 -07:00
desktop-integration .: remove trailing white spaces 2015-03-25 13:38:17 -04:00
docker-device-tool trivial: typo cleanup 2015-04-27 13:35:08 -07:00
host-integration .: remove trailing white spaces 2015-03-25 13:38:17 -04:00
httpserver integ-cli: Implement remote FakeStorage server for build via URL tests 2015-03-09 12:03:55 -07:00
init Revert "contrib/init: unshare mount namespace for inits" 2015-06-15 10:35:17 -07:00
mkimage Moving man pages out of docs 2015-06-10 13:43:35 -07:00
reprepro add tianon's suites.sh file 2015-07-15 12:48:49 -07:00
syntax Various cleanups added to asbjornenge/Docker.tmbundle (by the TM maintainer) and support for the LABEL instruction 2015-06-15 00:04:05 +02:00
udev Add udev rules files for hiding the docker loopback devices from udisks 2013-12-02 09:11:06 -07:00
vagrant-docker IANA allocated Docker port: 2375 2014-06-04 06:54:19 +10:00
check-config.sh Don't check RESOURCE_COUNTERS in new kernel 2015-06-03 17:26:39 +08:00
dockerize-disk.sh Fix dockerize-disk.sh working in non-en locale 2015-07-02 16:08:12 -07:00
download-frozen-image.sh Allow download-frozen-image.sh to work on user images too 2015-05-06 12:05:17 -06:00
mkimage-alpine.sh mkimage-alpine.sh: Allow to change ARCH from the environment 2015-02-13 13:57:04 +01:00
mkimage-arch-pacman.conf mkimage-arch: provide and use own pacman.conf 2014-01-21 14:22:56 +01:00
mkimage-arch.sh mkimage-arch: set C.UTF-8 default locale 2015-04-01 00:40:34 +08:00
mkimage-busybox.sh mkimage: use /var/tmp by default instead of /tmp 2014-06-27 14:43:12 +02:00
mkimage-crux.sh mkimage: use /var/tmp by default instead of /tmp 2014-06-27 14:43:12 +02:00
mkimage-debootstrap.sh .: remove trailing white spaces 2015-03-25 13:38:17 -04:00
mkimage-rinse.sh Moving man pages out of docs 2015-06-10 13:43:35 -07:00
mkimage-yum.sh Patch mkimage-yum.sh to work with Amazon Linux (2014.09) 2015-02-18 15:17:15 -08:00
mkimage.sh fix help message for mkimage debootstrap with components 2014-10-01 23:18:23 +02:00
mkseccomp.pl Update to double-dash everywhere 2014-03-13 11:46:02 -06:00
mkseccomp.sample added capabilities needed by new sysinit 2014-01-14 19:27:31 +01:00
nuke-graph-directory.sh Fix a bashism and some minor bugs in nuke-graph-directory.sh 2014-12-12 11:51:12 -07:00
project-stats.sh Link to HTTPS urls in contrib comments/maintainers 2015-04-11 13:35:08 -04:00
README Add contrib/ directory, README, and script to create a basic busybox image 2013-03-14 03:16:42 +00:00
report-issue.sh .: remove trailing white spaces 2015-03-25 13:38:17 -04:00
REVIEWERS Remove subdirectories MAINTAINERS files 2015-03-06 18:21:51 -08:00

README 

The `contrib` directory contains scripts, images, and other helpful things
which are not part of the core docker distribution. Please note that they
could be out of date, since they do not receive the same attention as the
rest of the repository.