github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #4730 from thaJeztah/update_seccomp_profile

Browse Source 
seccomp: add pidfd syscalls
This commit is contained in:
Phil Estes 2020-11-13 09:24:34 -05:00 committed by GitHub
commit 0ec47b3348
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
contrib/seccomp/seccomp_default.go
View File

@ -232,6 +232,8 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"openat", "openat",
"openat2", "openat2",
"pause", "pause",
"pidfd_open",
"pidfd_send_signal",
"pipe", "pipe",
"pipe2", "pipe2",
"poll", "poll",
@ -571,6 +573,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{ s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
Names: []string{ Names: []string{
"kcmp", "kcmp",
"pidfd_getfd",
"process_vm_readv", "process_vm_readv",
"process_vm_writev", "process_vm_writev",
"ptrace", "ptrace",