Skip to content

Commit 5eaf93c

Browse files
vvolandvvoland
committed
seccomp: block AF_ALG sockets by default
Add another NE case Signed-off-by: Paweł Gronowski <[email protected]>
1 parent c198c5d commit 5eaf93c

2 files changed

Lines changed: 10 additions & 0 deletions

File tree

seccomp/default.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -446,6 +446,11 @@
446446
"index": 0,
447447
"value": 40,
448448
"op": "SCMP_CMP_NE"
449+
},
450+
{
451+
"index": 0,
452+
"value": 38,
453+
"op": "SCMP_CMP_NE"
449454
}
450455
]
451456
},

seccomp/default_linux.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -444,6 +444,11 @@ func DefaultProfile() *Seccomp {
444444
Value: unix.AF_VSOCK,
445445
Op: specs.OpNotEqual,
446446
},
447+
{
448+
Index: 0,
449+
Value: unix.AF_ALG,
450+
Op: specs.OpNotEqual,
451+
},
447452
},
448453
},
449454
},

0 commit comments

Comments
 (0)