github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

seccomp: kernel 5.13 (landlock_{add_rule,create_ruleset,restrict_self})

Browse Source 
Allow the following syscalls by default:
- `landlock_add_rule`
- `landlock_create_ruleset`
- `landlock_restrict_self`

See https://landlock.io/

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
Akihiro Suda
2022-01-31 15:29:38 +09:00
parent 1329ea3716
commit 17a2831f70
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
contrib/seccomp/seccomp_default.go
View File

@@ -184,6 +184,9 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"io_uring_setup", "io_uring_setup",
"ipc", "ipc",
"kill", "kill",
"landlock_add_rule",
"landlock_create_ruleset",
"landlock_restrict_self",
"lchown", "lchown",
"lchown32", "lchown32",
"lgetxattr", "lgetxattr",