quotactl syscall is not allowed even when granting CAP_SYS_ADMIN using the default seccomp profile.
Steps to reproduce the issue:
- Run a container with xfstools with CAP_SYS_ADMIN and CAP_SYS_PTRACE
- In the container, strace xfs_quota trying to alter quotas in a project
- Repeat the above with SecurityOpt "seccomp:unconfined"
Describe the results you received:
Error calling quotactl initially whereas with "seccomp:unconfined" the command succeeds
Describe the results you expected:
Be allowed to call quotactl since CAP_SYS_ADMIN is granted.
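
The behaviour reported above follows from how a Docker seccomp profile gates syscalls on capabilities: a rule with `includes.caps` only applies when those capabilities are granted, and a syscall named in no rule falls through to `defaultAction`. The following is an added example, not code from the issue or from the Docker project; the sample profile is constructed (it is not the real default profile), the helper names are hypothetical, and only the `caps` conditions are evaluated (argument, architecture and kernel-version conditions are ignored).

```python
import json

# Constructed sample in the Docker seccomp profile format; it is NOT the real
# default profile. quotactl is deliberately absent, as in the report above.
PROFILE_WITHOUT_QUOTACTL = json.loads("""
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["read", "write", "openat"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["mount", "umount2", "setns"], "action": "SCMP_ACT_ALLOW",
     "includes": {"caps": ["CAP_SYS_ADMIN"]}},
    {"names": ["ptrace"], "action": "SCMP_ACT_ALLOW",
     "includes": {"caps": ["CAP_SYS_PTRACE"]}}
  ]
}
""")


def effective_action(profile, syscall, caps):
    """Return the action the profile yields for `syscall` given the granted caps."""
    caps = set(caps)
    for rule in profile.get("syscalls", []):
        if syscall not in rule.get("names", []):
            continue
        inc = set(rule.get("includes", {}).get("caps", []))
        exc = set(rule.get("excludes", {}).get("caps", []))
        # A rule applies only if every included cap is granted and no excluded one is.
        if inc <= caps and not (exc & caps):
            return rule["action"]
    # No rule matched: holding a capability does not help, the default applies.
    return profile["defaultAction"]


def with_cap_gated_syscall(profile, syscall, cap):
    """Return a copy of the profile that allows `syscall` only when `cap` is granted."""
    patched = json.loads(json.dumps(profile))  # deep copy, original is untouched
    patched["syscalls"].append({"names": [syscall], "action": "SCMP_ACT_ALLOW",
                                "includes": {"caps": [cap]}})
    return patched


if __name__ == "__main__":
    granted = ["CAP_SYS_ADMIN", "CAP_SYS_PTRACE"]
    print(effective_action(PROFILE_WITHOUT_QUOTACTL, "quotactl", granted))
    fixed = with_cap_gated_syscall(PROFILE_WITHOUT_QUOTACTL, "quotactl", "CAP_SYS_ADMIN")
    print(effective_action(fixed, "quotactl", granted))
```

A profile patched this way can be written to a file and passed with `--security-opt seccomp=<file>`, which keeps the rest of the filter in place instead of disabling it with `seccomp:unconfined`.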