github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Don't allow io_uring related syscalls in the RuntimeDefault seccomp profile.

Browse Source 
Signed-off-by: Vinayak Goyal <vinaygo@google.com>
This commit is contained in:
Vinayak Goyal
2023-11-02 01:16:03 +00:00
parent 19ff94b701
commit a48ddf4a20
2 changed files with 36 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
contrib/seccomp/seccomp_default.go
View File

@@ -183,9 +183,6 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"ioprio_set",
"io_setup",
"io_submit",
"io_uring_enter",
"io_uring_register",
"io_uring_setup",
"ipc",
"kill",
"landlock_add_rule",