Closed
6 changes: 3 additions & 3 deletions config-linux.md
Expand Up @@ -488,7 +488,7 @@ The kernel enforces the `soft` limit for a resource while the `hard` limit acts

## SELinux process label

SELinux process label specifies the label with which the processes in a container are run.
`selinuxProcessLabel` *(string, optional)* specifies the label with which the processes in a container are run.
For more information about SELinux, see [Selinux documentation](http://selinuxproject.org/page/Main_Page)

###### Example
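Review bot: The new `selinuxProcessLabel` sentence marks the field optional but does not say what a runtime does when it is omitted. Suggest adding one sentence stating the behaviour for an absent value (for example, that no process label is set by the runtime), so that implementations do not diverge on a security-relevant default.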
Expand All @@ -499,7 +499,7 @@ For more information about SELinux, see [Selinux documentation](http://selinuxp

## Apparmor profile

Apparmor profile specifies the name of the apparmor profile that will be used for the container.
`apparmorProfile` *(string, optional)* specifies the name of the apparmor profile that will be used for the container.
For more information about Apparmor, see [Apparmor documentation](https://wiki.ubuntu.com/AppArmor)

###### Example
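Review bot: Style point on the added `apparmorProfile` line: it writes "apparmor profile" in lower case while the heading uses "Apparmor" and the linked wiki uses "AppArmor". Since the sentence is being rewritten anyway, pick one spelling (the upstream "AppArmor") and use it in the field description and the link text.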
Expand All @@ -510,7 +510,7 @@ For more information about Apparmor, see [Apparmor documentation](https://wiki.u

## seccomp

Seccomp provides application sandboxing mechanism in the Linux kernel.
`seccomp` *(pointer of object, optional)* provides application sandboxing mechanism in the Linux kernel.
Seccomp configuration allows one to configure actions to take for matched syscalls and furthermore also allows matching on values passed as arguments to syscalls.
For more information about Seccomp, see [Seccomp kernel documentation](https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt)
The actions, architectures, and operators are strings that match the definitions in seccomp.h from [libseccomp](https://github.com/seccomp/libseccomp) and are translated to corresponding values.
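Review bot: The type annotation `*(pointer of object, optional)*` on the added `seccomp` line leaks the Go representation into the JSON spec; JSON has no pointers, so this should read `*(object, optional)*` to match the `(string, optional)` style used for the two fields above. With the field name as the subject, "provides application sandboxing mechanism" also no longer parses well; something like "`seccomp` *(object, optional)* configures the seccomp sandboxing applied to the container" would fit, along with a sentence saying what an omitted `seccomp` means for the container.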
6 changes: 3 additions & 3 deletions config_linux.go
Expand Up @@ -36,11 +36,11 @@ type Linux struct {
// Devices are a list of device nodes that are created for the container
Devices []Device `json:"devices"`
// ApparmorProfile specified the apparmor profile for the container.
ApparmorProfile string `json:"apparmorProfile"`
ApparmorProfile string `json:"apparmorProfile,omitempty"`
// SelinuxProcessLabel specifies the selinux context that the container process is run as.
SelinuxProcessLabel string `json:"selinuxProcessLabel"`
SelinuxProcessLabel string `json:"selinuxProcessLabel,omitempty"`
// Seccomp specifies the seccomp security settings for the container.
Seccomp Seccomp `json:"seccomp"`
Seccomp *Seccomp `json:"seccomp,omitempty"`
// RootfsPropagation is the rootfs mount propagation mode for the container.
RootfsPropagation string `json:"rootfsPropagation,omitempty"`
// NoNewPrivileges controls whether additional privileges could be gained by processes in the container.
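Review bot: Changing `Seccomp Seccomp` to `Seccomp *Seccomp` makes the field nil whenever the config omits `seccomp`, so any consumer that reads through `Linux.Seccomp` now needs a nil check, and the field comment does not say so. Suggest extending the comment to state that nil means no seccomp settings were supplied. The two string fields are unaffected by `omitempty` on decode, but note that an explicitly empty `apparmorProfile` or `selinuxProcessLabel` will now be dropped on marshal, so empty and absent must be treated as the same thing.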