kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Merge pull request #42649 from kinvolk/rata/seccomp-default-errno

Browse source 
seccomp: Use explicit DefaultErrnoRet
This commit is contained in:
Sebastiaan van Stijn 2021-08-03 15:13:42 +02:00 committed by GitHub
commit 2480bebf59
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
profiles/seccomp/default.json
View file

@ -1,5 +1,6 @@
{ {
"defaultAction": "SCMP_ACT_ERRNO", "defaultAction": "SCMP_ACT_ERRNO",
"defaultErrnoRet": 1,
"archMap": [ "archMap": [
{ {
"architecture": "SCMP_ARCH_X86_64", "architecture": "SCMP_ARCH_X86_64",

2
profiles/seccomp/default_linux.go
View file

@ -753,9 +753,11 @@ func DefaultProfile() *Seccomp {
}, },
} }
errnoRet := uint(unix.EPERM)
return &Seccomp{ return &Seccomp{
LinuxSeccomp: specs.LinuxSeccomp{ LinuxSeccomp: specs.LinuxSeccomp{
DefaultAction: specs.ActErrno, DefaultAction: specs.ActErrno,
DefaultErrnoRet: &errnoRet,
}, },
ArchMap: arches(), ArchMap: arches(),
Syscalls: syscalls, Syscalls: syscalls,

1
profiles/seccomp/fixtures/example.json
View file

@ -1,5 +1,6 @@
{ {
"defaultAction": "SCMP_ACT_ERRNO", "defaultAction": "SCMP_ACT_ERRNO",
"defaultErrnoRet": 1,
"syscalls": [ "syscalls": [
{ {
"name": "clone", "name": "clone",

2
profiles/seccomp/seccomp_test.go
View file

@ -23,8 +23,10 @@ func TestLoadProfile(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
var expectedErrno uint = 12345 var expectedErrno uint = 12345
var expectedDefaultErrno uint = 1
expected := specs.LinuxSeccomp{ expected := specs.LinuxSeccomp{
DefaultAction: specs.ActErrno, DefaultAction: specs.ActErrno,
DefaultErrnoRet: &expectedDefaultErrno,
Syscalls: []specs.LinuxSyscall{ Syscalls: []specs.LinuxSyscall{
{ {
Names: []string{"clone"}, Names: []string{"clone"},