kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Block clock_adjtime in default seccomp config

Browse source 
clock_adjtime is the new posix style version of adjtime allowing
a specific clock to be specified. Time is not namespaced, so do
not allow.

Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
This commit is contained in:
Justin Cormack 2015-12-29 12:48:16 +00:00
parent eb551baf6f
commit 0e5c43cdda
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
daemon/execdriver/native/seccomp_default.go
View file

@ -28,6 +28,12 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Errno,
Args: []*configs.Arg{},
},
{
// Time/Date is not namespaced
Name: "clock_adjtime",
Action: configs.Errno,
Args: []*configs.Arg{},
},
{
// Time/Date is not namespaced
Name: "clock_settime",