seccomp: allow personality with UNAME26 bit set

From personality(2):

    Have uname(2) report a 2.6.40+ version number rather than a 3.x version
    number.  Added as a stopgap measure to support broken applications that
    could not handle the kernel version-numbering switch from 2.6.x to 3.x.

This allows both "UNAME26|PER_LINUX" and "UNAME26|PER_LINUX32".

Fixes: "setarch broken in docker packages from Debian stretch"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn 2020-08-24 12:27:14 +02:00
parent fc9e5d161a
commit 117d678749
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C

@ -412,6 +412,28 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
}, },
}, },
}, },
{
Names: []string{"personality"},
Action: specs.ActAllow,
Args: []specs.LinuxSeccompArg{
{
Index: 0,
Value: 0x20000,
Op: specs.OpEqualTo,
},
},
},
{
Names: []string{"personality"},
Action: specs.ActAllow,
Args: []specs.LinuxSeccompArg{
{
Index: 0,
Value: 0x20008,
Op: specs.OpEqualTo,
},
},
},
{ {
Names: []string{"personality"}, Names: []string{"personality"},
Action: specs.ActAllow, Action: specs.ActAllow,
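
Review bot: The two new personality entries carry bare literals (Value: 0x20000 and Value: 0x20008) with nothing in the code tying them to the flags named in the commit message. Please add a short comment on each entry, or use named constants, stating that 0x20000 is UNAME26|PER_LINUX (UNAME26 is 0x0020000, PER_LINUX is 0) and 0x20008 is UNAME26|PER_LINUX32 (PER_LINUX32 is 0x0008), so a later reader of the profile can audit what is allowed without consulting personality(2). Since both rules use Op: specs.OpEqualTo on argument 0, they match only these exact values; UNAME26 combined with any other personality flag bit is still not matched by these entries. That is the conservative choice for an allowlist, but it is worth saying so in the comment so the narrow match is read as intentional rather than as an oversight.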