Michael Crosby
779701b29c
Add --seccomp flag to ctr
...
This enables testing of containers with the default seccomp profile
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2019-08-29 13:02:21 -04:00
Michael Crosby
86f8be86e1
Add sigprocmask to default profile
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2019-08-29 11:07:03 -04:00
Kenta Tada
5b9a43d2e7
Fix seccomp contributed profile for clone syscall
...
All clone flags for namespace should be denied.
Also x/sys should be used instead of syscall.
Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>
2019-06-03 14:23:34 +09:00
Sebastiaan van Stijn
8f8fd3c3a8
seccomp: whitelist statx syscall
...
This whitelists the statx syscall; libseccomp-2.3.3 or up
is needed for this, older seccomp versions will ignore this.
Equivalent of https://github.com/moby/moby/pull/36417
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-20 11:59:02 +01:00
Avi Kivity
4506eb45bf
seccomp: whitelist io_pgetevents
...
io_pgetevents() is a new Linux system call, similar to the already-whitelisted
io_getevents(). It has no security implications. Whitelist it so applications can
use the new system call.
Fixes #3105.
Signed-off-by: Avi Kivity <avi@scylladb.com>
2019-03-19 11:56:32 +02:00
zhangyue
996c60616a
fix: fix error info start capitalized
...
Signed-off-by: zhangyue <zy675793960@yeah.net>
2018-11-28 15:26:16 +08:00
nashasha1
7f03ad6579
Fix typos
...
Signed-off-by: nashasha1 <a4012017@sina.com>
2018-09-07 16:59:42 +08:00
Justin Cormack
9435aeeb30
The set of bounding capabilities is the largest group
...
No capabilities can be granted outside the bounding set, so there
is no point looking at any other set for the largest scope.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2018-03-28 17:36:46 -07:00
Kunal Kushwaha
b12c3215a0
Licence header added
...
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
2018-02-19 10:32:26 +09:00
Justin Cormack
35be3d5127
Remove a really confusing fallthrough
...
This is so confusing, and not needed.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2018-02-08 16:22:29 +00:00
Michael Crosby
d179c61231
Revert "Use jsoniteer for faster json encoding/decoding"
...
This reverts commit 4233b87b89.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2018-01-29 15:47:48 -05:00
Michael Crosby
4233b87b89
Use jsoniteer for faster json encoding/decoding
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2018-01-26 16:32:55 -05:00
Daniel Nephin
cdf62f69a1
Fix usage of oci in other packages.
...
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2017-11-27 16:16:17 -05:00
Mike Brown
120bb4cd47
fixes missing default permission
...
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-09-20 13:15:39 -05:00
Mike Brown
426650f21b
adds seccomp helpers
...
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-09-13 13:11:30 -05:00