Skip to content

seccomp: allow 'rseq' syscall in default seccomp profile #4347

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
estesp merged 1 commit into from
Jun 26, 2020
Merged

seccomp: allow 'rseq' syscall in default seccomp profile #4347

estesp merged 1 commit into from
Jun 26, 2020

Conversation

@Flowdalic
Copy link
Contributor

@Flowdalic Flowdalic commented Jun 26, 2020
edited
Loading

Restartable Sequences (rseq) are a kernel-based mechanism for fast
update operations on per-core data in user-space. Some libraries, like
the newest version of Google's TCMalloc, depend on it [1].

This also makes dockers default seccomp profile on par with systemd's,
which enabled 'rseq' in early 2019 [2].

1: https://google.github.io/tcmalloc/design.html
2: systemd/systemd@6fee3be

@Flowdalic
seccomp: allow 'rseq' syscall in default seccomp profile
e977564 
Restartable Sequences (rseq) are a kernel-based mechanism for fast
update operations on per-core data in user-space. Some libraries, like
the newest version of Google's TCMalloc, depend on it [1].

This also makes dockers default seccomp profile on par with systemd's,
which enabled 'rseq' in early 2019 [2].

1: https://google.github.io/tcmalloc/design.html
2: systemd/systemd@6fee3be

Signed-off-by: Florian Schmaus <[email protected]>
@Flowdalic
Copy link
Contributor Author

Flowdalic commented Jun 26, 2020

Follow up of moby/moby#41158 (comment)

@Flowdalic Flowdalic mentioned this pull request Jun 26, 2020
Merged
@theopenlab-ci
Copy link

theopenlab-ci bot commented Jun 26, 2020

Build succeeded.

thaJeztah
thaJeztah approved these changes Jun 26, 2020
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

estesp
estesp approved these changes Jun 26, 2020
View reviewed changes
Copy link
Member

@estesp estesp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@estesp estesp merged commit 01a53c2 into containerd:master Jun 26, 2020
@Flowdalic Flowdalic deleted the allow-rseq-seccomp branch June 26, 2020 18:12
@thaJeztah thaJeztah mentioned this pull request Sep 14, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@estesp estesp estesp approved these changes

@thaJeztah thaJeztah thaJeztah approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Flowdalic @estesp @thaJeztah