mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #25567 from justincormack/name_to_handle_at
Gate name_to_handle_at by CAP_SYS_ADMIN not CAP_DAC_READ_SEARCH
This commit is contained in:
Tibor Vass
GitHub
commit
19a3289250
1 changed files with 5 additions and 5 deletions
|
|
@ -1667,11 +1667,6 @@ func DefaultProfile(rs *specs.Spec) *types.Seccomp {
|
||||||
switch cap {
|
switch cap {
|
||||||
case "CAP_DAC_READ_SEARCH":
|
case "CAP_DAC_READ_SEARCH":
|
||||||
syscalls = append(syscalls, []*types.Syscall{
|
syscalls = append(syscalls, []*types.Syscall{
|
||||||
{
|
|
||||||
Name: "name_to_handle_at",
|
|
||||||
Action: types.ActAllow,
|
|
||||||
Args: []*types.Arg{},
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
Name: "open_by_handle_at",
|
Name: "open_by_handle_at",
|
||||||
Action: types.ActAllow,
|
Action: types.ActAllow,
|
||||||
|
|
@ -1706,6 +1701,11 @@ func DefaultProfile(rs *specs.Spec) *types.Seccomp {
|
||||||
Action: types.ActAllow,
|
Action: types.ActAllow,
|
||||||
Args: []*types.Arg{},
|
Args: []*types.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "name_to_handle_at",
|
||||||
|
Action: types.ActAllow,
|
||||||
|
Args: []*types.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "perf_event_open",
|
Name: "perf_event_open",
|
||||||
Action: types.ActAllow,
|
Action: types.ActAllow,
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue