kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Merge pull request #25567 from justincormack/name_to_handle_at

Browse source 
Gate name_to_handle_at by CAP_SYS_ADMIN not CAP_DAC_READ_SEARCH
This commit is contained in:
Tibor Vass 2016-08-10 12:02:23 -07:00 committed by GitHub
commit 19a3289250
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
profiles/seccomp/seccomp_default.go
View file

@ -1667,11 +1667,6 @@ func DefaultProfile(rs *specs.Spec) *types.Seccomp {
switch cap {
case "CAP_DAC_READ_SEARCH":
syscalls = append(syscalls, []*types.Syscall{
{
Name: "name_to_handle_at",
Action: types.ActAllow,
Args: []*types.Arg{},
},
{
Name: "open_by_handle_at",
Action: types.ActAllow,
@ -1706,6 +1701,11 @@ func DefaultProfile(rs *specs.Spec) *types.Seccomp {
Action: types.ActAllow,
Args: []*types.Arg{},
},
{
Name: "name_to_handle_at",
Action: types.ActAllow,
Args: []*types.Arg{},
},
{
Name: "perf_event_open",
Action: types.ActAllow,