* Update linuxkit/alpine
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* tools/alpine: Update to latest
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* tools: Update to the latest linuxkit/alpine
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* Update use of tools to latest
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* tests: Update packages to the latest linuxkit/alpine
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* Update use of test packages to latest
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* pkgs: Update packages to the latest linuxkit/alpine
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* Update package tags
Signed-off-by: Avi Deitcher <avi@deitcher.net>
---------
Signed-off-by: Avi Deitcher <avi@deitcher.net>
This was added to alpine since our package was created. Now we have upgraded we
can just use the binary.
The package contains an auditd.conf but we have a tweak local copy which writes
to stdio (which goes to /var/log/auditd.*.log already). The package doesn't
have an audit.rules so keep that here too.
Signed-off-by: Ian Campbell <ijc@docker.com>
By running:
./scripts/update-component-sha.sh --image linuxkit/alpine ad35b6ddbc70faa07e59a9d7dee7707c08122e8d
Signed-off-by: Ian Campbell <ijc@docker.com>
Two things to note here: we unfortunately can't just exec audit, because
something needs to load the rules in beforehand.
Second, it also dies if it can't re-nice itself, so we have to give it
CAP_SYS_NICE as well as the audit caps.
I didn't add this to the default linuxkit.yml because the linuxkit/audit
repo doesn't exist yet, but we should probably (?) do that. Additionally,
we should provide the kernel parameter audit=1, otherwise according to
auditd's man pages, we can't audit some early tasks.
Closes#52
Signed-off-by: Tycho Andersen <tycho@docker.com>
