github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #7693 from hoyosjs/juhoyosa/enable-ptrace-proc-vm-apis

Browse Source 
Add process_vm read and write calls to default seccomp profile
This commit is contained in:
Kazuyoshi Kato 2022-11-21 12:02:42 -08:00 committed by GitHub
commit 20cb9a9fd8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
contrib/seccomp/seccomp_default.go
View File

@ -489,7 +489,11 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
kernelversion.KernelVersion{Kernel: 4, Major: 8}); err == nil {
if ok {
s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
Names: []string{"ptrace"},
Names: []string{
"process_vm_read",
"process_vm_write",
"ptrace",
},
Action: specs.ActAllow,
Args: []specs.LinuxSeccompArg{},
})