mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

docs: update seccomp whitelist

the 'modify_ldt' was listed as "blocked by default",
but was whitelisted in 13a9d4e899

this updates the documentation to reflect this

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn 2016-05-11 18:45:27 +02:00
parent 3710f9074e
commit 2cddd1cd1f
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C


@ -99,7 +99,6 @@ the reason each syscall is blocked rather than white-listed.
| `keyctl` | Prevent containers from using the kernel keyring, which is not namespaced. |
| `lookup_dcookie` | Tracing/profiling syscall, which could leak a lot of information on the host. |
| `mbind` | Syscall that modifies kernel memory and NUMA settings. Already gated by `CAP_SYS_NICE`. |
| `modify_ldt` | Old syscall only used in 16-bit code and a potential information leak. |
| `mount` | Deny mounting, already gated by `CAP_SYS_ADMIN`. |
| `move_pages` | Syscall that modifies kernel memory and NUMA settings. |
| `name_to_handle_at` | Sister syscall to `open_by_handle_at`. Already gated by `CAP_SYS_NICE`. |
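
Review bot: removing the `modify_ldt` row from the blocked-syscalls table drops the only place these docs recorded its risk ("a potential information leak"), and nothing in the hunk replaces it. Since the commit message says the syscall was whitelisted in 13a9d4e899, consider adding a short note next to this table stating that `modify_ldt` is allowed by the default profile and why, and that users who do not need 16-bit code can deny it with a custom seccomp profile. That way readers comparing the old and new table can tell the change was deliberate rather than an omission.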