seccomp: add pidfd syscalls #41665

Merged: justincormack merged 2 commits into moby:master from mikroskeem:41664-pidfd-syscalls-support on Nov 13, 2020
@mikroskeem
Contributor

- What I did

Added pidfd_{getfd, open, send_signal} syscalls into default seccomp profile, closes issue #41664.

- How I did it

By adding syscall names into the json file.

- How to verify it

See docker/for-linux#1142 reproduction steps.

- Description for the changelog

Add support for pidfd_* syscalls into default seccomp profile. Closes #41664

- A picture of a cute animal (not mandatory but encouraged)

Maybe this Bernese Mountain Dog will do
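
One way to check which of the three syscalls named in the PR description a given profile JSON permits, as an added example that is not part of the PR or the moby code base. The sample profile is constructed for illustration (including its capability gate), and `classify` and its verdict strings are hypothetical names.

```python
import json

PIDFD_SYSCALLS = ("pidfd_open", "pidfd_send_signal", "pidfd_getfd")

# Constructed sample in the Docker seccomp profile JSON layout. It is not the
# project's default.json, and the capability gate shown is only illustrative.
SAMPLE_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "syscalls": [
        {"names": ["read", "write", "pidfd_open", "pidfd_send_signal"],
         "action": "SCMP_ACT_ALLOW", "args": []},
        {"names": ["pidfd_getfd"], "action": "SCMP_ACT_ALLOW", "args": [],
         "includes": {"caps": ["CAP_SYS_PTRACE"]}},
    ],
})


def classify(profile_json, wanted=PIDFD_SYSCALLS):
    """Map each wanted syscall to 'allowed', 'conditional', or the action hit."""
    profile = json.loads(profile_json)
    # Syscalls matched by no rule fall through to the profile's default action.
    result = {name: "default:" + profile["defaultAction"] for name in wanted}
    for rule in profile.get("syscalls", []):
        names = set(rule.get("names", []))
        if "name" in rule:  # older profiles use a single "name" per rule
            names.add(rule["name"])
        # A rule with argument filters or includes/excludes applies only sometimes.
        gated = bool(rule.get("args") or rule.get("includes") or rule.get("excludes"))
        for name in names.intersection(wanted):
            if rule["action"] != "SCMP_ACT_ALLOW":
                verdict = rule["action"]
            elif gated:
                verdict = "conditional"
            else:
                verdict = "allowed"
            # An unconditional allow elsewhere in the profile is not downgraded.
            if result[name] != "allowed":
                result[name] = verdict
    return result


if __name__ == "__main__":
    for syscall, verdict in classify(SAMPLE_PROFILE).items():
        print(f"{syscall}: {verdict}")
```
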

@mikroskeem changed the title from "seccomp: add pidfd syscalls support" to "seccomp: add pidfd syscalls" on Nov 11, 2020

@mikroskeem force-pushed the 41664-pidfd-syscalls-support branch 2 times, most recently from 013520e to e5e238b, on November 11, 2020 14:31

Review comment thread on profiles/seccomp/default_linux.go (outdated)

@AkihiroSuda added the area/security/seccomp and kind/enhancement labels on Nov 11, 2020

@mikroskeem force-pushed the 41664-pidfd-syscalls-support branch from e5e238b to fd41ae9 on November 11, 2020 22:17

@thaJeztah
Member

@justincormack PTAL

@mikroskeem
Contributor Author

Should I also create a separate PR against 19.03 branch btw?

@thaJeztah
Member

> Should I also create a separate PR against 19.03 branch btw?

Changes to the 19.03 branch are backported / cherry-picked after a PR is merged on master. (Also wanting to wait for review, and to discuss if this change is "safe" to backport to 19.03, as docker 20.10 is imminent, and 19.03 is quite late in its support cycle).

If this PR is accepted/merged, a PR should likely be opened in the containerd repository as well, to update the seccomp-profile accordingly.

Review comment thread on profiles/seccomp/default.json (outdated)

@mikroskeem force-pushed the 41664-pidfd-syscalls-support branch from fd41ae9 to f7bcb02 on November 12, 2020 13:31
Labels: area/security/seccomp, impact/changelog, kind/enhancement

Development

Successfully merging this pull request may close these issues.

pidfd_send_signal and pidfd_open syscalls support