Skip to content

[release/1.2 backport] seccomp: whitelist statx syscall#3113

Merged
crosbymichael merged 1 commit intocontainerd:release/1.2from
thaJeztah:1.2_backport_whitelist_statx
Mar 20, 2019
Merged

[release/1.2 backport] seccomp: whitelist statx syscall#3113
crosbymichael merged 1 commit intocontainerd:release/1.2from
thaJeztah:1.2_backport_whitelist_statx

Conversation

@thaJeztah
Copy link
Copy Markdown
Member

@thaJeztah thaJeztah commented Mar 20, 2019

backport of #3111 for the release/1.2 branch

This whitelists the statx syscall; libseccomp-2.3.3 or up
is needed for this, older seccomp versions will ignore this.

Equivalent of moby/moby#36417
addresses docker/for-linux#616

@thaJeztah
seccomp: whitelist statx syscall
b0a8b6d 
This whitelists the statx syscall; libseccomp-2.3.3 or up
is needed for this, older seccomp versions will ignore this.

Equivalent of moby/moby#36417

Signed-off-by: Sebastiaan van Stijn <[email protected]>
(cherry picked from commit 8f8fd3c)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
Copy link
Copy Markdown
Member Author

thaJeztah commented Mar 20, 2019

I just realised containerd itself does not apply the seccomp profile, but higher level tools can use the profile from contrib, so it's not strictly needed for backporting: feel free to close if that's prefered

@codecov-io
Copy link
Copy Markdown

codecov-io commented Mar 20, 2019
edited
Loading

Codecov Report

Merging #3113 into release/1.2 will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff              @@
##           release/1.2    #3113   +/-   ##
============================================
  Coverage        43.75%   43.75%           
============================================
  Files              101      101           
  Lines            10736    10736           
============================================
  Hits              4697     4697           
  Misses            5309     5309           
  Partials           730      730
Flag Coverage Δ
#linux 47.38% <ø> (ø) ⬆️
#windows 40.84% <ø> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5296db1...b0a8b6d. Read the comment docs.

estesp
estesp approved these changes Mar 20, 2019
View reviewed changes
Copy link
Copy Markdown
Member

@estesp estesp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@crosbymichael
Copy link
Copy Markdown
Member

crosbymichael commented Mar 20, 2019

LGTM

@crosbymichael crosbymichael merged commit 6d14516 into containerd:release/1.2 Mar 20, 2019
@thaJeztah thaJeztah deleted the 1.2_backport_whitelist_statx branch March 20, 2019 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@estesp estesp estesp approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@thaJeztah @codecov-io @crosbymichael @estesp