github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

seccomp: allow quotactl with CAP_SYS_ADMIN

Browse Source 
This allows the quotactl syscall in the default seccomp profile, gated by
CAP_SYS_ADMIN.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2020-08-24 12:40:43 +02:00
parent 5862285fac
commit 5cdb6e81d2
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
contrib/seccomp/seccomp_default.go
View File

@ -525,6 +525,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"mount", "mount",
"name_to_handle_at", "name_to_handle_at",
"perf_event_open", "perf_event_open",
"quotactl",
"setdomainname", "setdomainname",
"sethostname", "sethostname",
"setns", "setns",