Runner config assets
seccomp.json is a pinned copy of Docker/Moby's default seccomp
profile. It is copied to /etc/shithubd-runner/seccomp.json by the
shithubd-runner Ansible role and passed to each step container via:
--security-opt=seccomp=/etc/shithubd-runner/seccomp.json
Source: moby/moby commit
7d169a7f0ccd8f79edb6ad02ba20025cb487b217,
vendor/github.com/moby/profiles/seccomp/default.json.
Update this file deliberately when changing Docker daemon versions or runner syscall posture.
View source
| 1 | # Runner config assets |
| 2 | |
| 3 | `seccomp.json` is a pinned copy of Docker/Moby's default seccomp |
| 4 | profile. It is copied to `/etc/shithubd-runner/seccomp.json` by the |
| 5 | `shithubd-runner` Ansible role and passed to each step container via: |
| 6 | |
| 7 | ```sh |
| 8 | --security-opt=seccomp=/etc/shithubd-runner/seccomp.json |
| 9 | ``` |
| 10 | |
| 11 | Source: `moby/moby` commit |
| 12 | `7d169a7f0ccd8f79edb6ad02ba20025cb487b217`, |
| 13 | `vendor/github.com/moby/profiles/seccomp/default.json`. |
| 14 | |
| 15 | Update this file deliberately when changing Docker daemon versions or |
| 16 | runner syscall posture. |