github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

seccomp: allow io-uring related system calls

Browse Source 
Adds the io-uring related system call introduced in kernel 5.1 to the
seccomp whitelist. With older kernels or older versions of libseccomp,
this configure will be omitted.

Note that io_uring will grow support for more syscalls in the future
so we should keep an eye on this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2020-08-24 12:54:04 +02:00
parent c8523cc5bb
commit 325bac7c71
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
contrib/seccomp/seccomp_default.go
View File

@ -174,6 +174,9 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"ioprio_set",
"io_setup",
"io_submit",
"io_uring_enter",
"io_uring_register",
"io_uring_setup",
"ipc",
"kill",
"lchown",