
Commit 40ce36f

Merge pull request #4492 from thaJeztah/seccomp_updates
seccomp: sync some changes with Docker/Moby's profile
2 parents 0586589 + 0a5ee7e commit 40ce36f

1 file changed

Lines changed: 37 additions & 1 deletion


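--- a/contrib/seccomp/seccomp_default.go
+++ b/contrib/seccomp/seccomp_default.go
@@ -55,6 +55,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 "accept",
 "accept4",
 "access",
+"adjtimex",
 "alarm",
 "bind",
 "brk",
@@ -191,6 +192,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 "lstat",
 "lstat64",
 "madvise",
+"membarrier",
 "memfd_create",
 "mincore",
 "mkdir",
@@ -235,11 +237,13 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 "prctl",
 "pread64",
 "preadv",
+"preadv2",
 "prlimit64",
 "pselect6",
 "pselect6_time64",
 "pwrite64",
 "pwritev",
+"pwritev2",
 "read",
 "readahead",
 "readlink",
@@ -408,6 +412,28 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 },
 },
 },
+{
+Names: []string{"personality"},
+Action: specs.ActAllow,
+Args: []specs.LinuxSeccompArg{
+{
+Index: 0,
+Value: 0x20000,
+Op: specs.OpEqualTo,
+},
+},
+},
+{
+Names: []string{"personality"},
+Action: specs.ActAllow,
+Args: []specs.LinuxSeccompArg{
+{
+Index: 0,
+Value: 0x20008,
+Op: specs.OpEqualTo,
+},
+},
+},
 {
 Names: []string{"personality"},
 Action: specs.ActAllow,
@@ -429,11 +455,20 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 
 // include by arch
 switch runtime.GOARCH {
+case "ppc64le":
+s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
+Names: []string{
+"sync_file_range2",
+},
+Action: specs.ActAllow,
+Args: []specs.LinuxSeccompArg{},
+})
 case "arm", "arm64":
 s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
 Names: []string{
 "arm_fadvise64_64",
 "arm_sync_file_range",
+"sync_file_range2",
 "breakpoint",
 "cacheflush",
 "set_tls",
@@ -490,6 +525,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 "mount",
 "name_to_handle_at",
 "perf_event_open",
+"quotactl",
 "setdomainname",
 "sethostname",
 "setns",
@@ -553,7 +589,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 Names: []string{
 "settimeofday",
 "stime",
-"adjtimex",
+"clock_settime",
 },
 Action: specs.ActAllow,
 Args: []specs.LinuxSeccompArg{},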
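Review bot: `adjtimex` now sits in the unconditional allow list (first hunk, new line 58) and is dropped from the list edited in the last hunk, so the seccomp profile no longer filters it at all, and nothing in the file records why that is acceptable. The list in the last hunk looks like the CAP_SYS_TIME-gated one, but its `case` is outside the hunk, so confirm that. If so, what keeps an unprivileged container from adjusting the host clock is solely the kernel's own capability check on the modifying modes of `adjtimex`. A comment beside the new entry would preserve that reasoning for the next person syncing the profile, for example `// adjtimex: read-only queries need no capability; the kernel itself requires CAP_SYS_TIME to modify the clock`. DefaultProfile starts and ends outside every hunk shown here.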
