github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE

Browse Source 
This aligns the profile with docker's profile, which added this in
47dfff68e4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2022-07-14 10:39:55 +02:00
parent bb6278749e
commit bbb8d34704
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
contrib/seccomp/seccomp_default.go
View File

@ -652,6 +652,16 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
Action: specs.ActAllow, Action: specs.ActAllow,
Args: []specs.LinuxSeccompArg{}, Args: []specs.LinuxSeccompArg{},
}) })
case "CAP_SYS_NICE":
s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
Names: []string{
"get_mempolicy",
"mbind",
"set_mempolicy",
},
Action: specs.ActAllow,
Args: []specs.LinuxSeccompArg{},
})
case "CAP_SYSLOG": case "CAP_SYSLOG":
s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{ s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
Names: []string{"syslog"}, Names: []string{"syslog"},