airship/treasuremap
Code Issues Proposed changes
342c9eedd5
treasuremap/global/baremetal/bootactions/seccomp-profiles.yaml
Smruti Soumitra Khuntia 37d6994224 Delivery of default seccomp Profile on each Host on site deployment 
- A new schema for a Deckhand document that contains a Seccomp default
   profile.
 - A Seccomp profile that creates the default seccomp profile file
   at defined seccomp profile root.
 - A bootaction that puts the default seccomp profile in place.
 - Modified Kubelet config to support seccomp profile root dir's path.

Change-Id: I83fb3cab11cec5ddf3bceefbc0cb1c7222ae06f4
2018-10-15 05:49:35 +00:00

32 lines
630 B
YAML
Raw Blame History

---
schema: 'drydock/BootAction/v1'
metadata:
schema: 'metadata/Document/v1'
name: seccomp-profiles
storagePolicy: 'cleartext'
layeringDefinition:
abstract: false
layer: global
substitutions:
- src:
schema: pegleg/SeccompProfile/v1
name: seccomp-default
path: .savePath
dest:
path: .assets[0].path
- src:
schema: pegleg/SeccompProfile/v1
name: seccomp-default
path: .content
dest:
path: .assets[0].data
data:
signaling: false
assets:
- type: file
permissions: '600'
data_pipeline:
- utf8_decode
...
View Git Blame Copy Permalink