seccomp: add annotations and test for docker runtime

Signed-off-by: Jess Frazelle <me@jessfraz.com>
2025-11-01 18:58:18 +00:00 · 2016-05-08 15:26:37 -07:00
parent caa2e1713c
commit aa8c72adaa
12 changed files with 1239 additions and 1015 deletions
--- a/docs/admin/kubelet.md
+++ b/docs/admin/kubelet.md
@@ -149,6 +149,7 @@ kubelet
      --root-dir="/var/lib/kubelet": Directory path for managing kubelet files (volume mounts,etc).
      --runonce[=false]: If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api-servers, and --enable-server
      --runtime-cgroups="": Optional absolute name of cgroups to create and run the runtime in.
+      --seccomp-profile-root="/var/lib/kubelet/seccomp": Directory path for seccomp profiles.
      --serialize-image-pulls[=true]: Pull images one at a time. We recommend *not* changing the default value on nodes that run docker daemon with version < 1.9 or an Aufs storage backend. Issue #10959 has more details. [default=true]
      --streaming-connection-idle-timeout=4h0m0s: Maximum time a streaming connection can be idle before the connection is automatically closed. 0 indicates no timeout. Example: '5m'
      --sync-frequency=1m0s: Max period between synchronizing running containers and config
@@ -160,7 +161,7 @@ kubelet
      --volume-stats-agg-period=1m0s: Specifies interval for kubelet to calculate and cache the volume disk usage for all pods and volumes.  To disable volume calculations, set to 0.  Default: '1m'
 ```

-###### Auto generated by spf13/cobra on 21-May-2016
+###### Auto generated by spf13/cobra on 24-May-2016


 <!-- BEGIN MUNGE: GENERATED_ANALYTICS -->