Skip to content

Commit

Permalink
Merge pull request #208 from gabemontero/nalins-seccomp-45
Browse files Browse the repository at this point in the history 
Force use of runc, since we know we're privileged, and customize our seccomp filter
  • Loading branch information
@openshift-merge-robot
openshift-merge-robot committed Jan 22, 2021
2 parents 0fff08e + 3601dc3 commit 32750e1
Show file tree
Hide file tree
Showing 7 changed files with 932 additions and 26 deletions.
3 changes: 2 additions & 1 deletion Dockerfile
View file
Expand Up @@ -6,7 +6,7 @@ RUN hack/build.sh
FROM registry.svc.ci.openshift.org/openshift/origin-v4.0:base
# TODO: Add fuse-overlayfs once we build off of RHEL-8 UBI
RUN INSTALL_PKGS=" \
bind-utils bsdtar findutils git hostname lsof socat \
bind-utils bsdtar findutils git hostname lsof runc socat \
sysvinit-tools tar tree util-linux wget which \
" && \
yum install -y --setopt=skip_missing_names_on_install=False $INSTALL_PKGS && \
Expand All @@ -15,6 +15,7 @@ COPY --from=builder /go/src/github.com/openshift/builder/openshift-builder /usr/
COPY imagecontent/policy.json /etc/containers/
COPY imagecontent/registries.conf /etc/containers/
COPY imagecontent/storage.conf /etc/containers/
COPY imagecontent/usr/share/containers /usr/share/containers
RUN mkdir -p /var/cache/blobs \
/var/lib/shared/overlay-images \
/var/lib/shared/overlay-layers && \
Expand Down
3 changes: 2 additions & 1 deletion Dockerfile-dev
View file
Expand Up @@ -5,14 +5,15 @@ LABEL io.k8s.display-name="OpenShift Origin Builder" \

# TODO: Add fuse-overlayfs once we build off of RHEL-8 UBI
RUN INSTALL_PKGS=" \
bind-utils bsdtar findutils git hostname lsof socat \
bind-utils bsdtar findutils git hostname lsof runc socat \
sysvinit-tools tar tree util-linux wget which \
" && \
yum install -y --setopt=skip_missing_names_on_install=False ${INSTALL_PKGS} && \
yum clean all

COPY imagecontent/policy.json /etc/containers/
COPY imagecontent/registries.conf /etc/containers/
COPY imagecontent/usr/share/containers /usr/share/containers
COPY imagecontent/storage.conf /etc/containers/
RUN mkdir -p /var/cache/blobs \
/var/lib/shared/overlay-images \
Expand Down
3 changes: 2 additions & 1 deletion Dockerfile.rhel7
View file
Expand Up @@ -6,7 +6,7 @@ RUN hack/build.sh
FROM registry.svc.ci.openshift.org/ocp/4.0:base
# TODO: Add fuse-overlayfs once we build off of RHEL-8 UBI
RUN INSTALL_PKGS=" \
bind-utils bsdtar findutils git hostname lsof socat \
bind-utils bsdtar findutils git hostname lsof runc socat \
sysvinit-tools tar tree util-linux wget which \
" && \
yum install -y --setopt=skip_missing_names_on_install=False $INSTALL_PKGS && \
Expand All @@ -15,6 +15,7 @@ COPY --from=builder /go/src/github.com/openshift/builder/openshift-builder /usr/
COPY imagecontent/policy.json /etc/containers/
COPY imagecontent/registries.conf /etc/containers/
COPY imagecontent/storage.conf /etc/containers/
COPY imagecontent/usr/share/containers /usr/share/containers
RUN mkdir -p /var/cache/blobs \
/var/lib/shared/overlay-images \
/var/lib/shared/overlay-layers && \
Expand Down
24 changes: 22 additions & 2 deletions go.sum
View file

Large diffs are not rendered by default.

0 comments on commit 32750e1

Please sign in to comment.