Add ipc syscall to default seccomp profile

On 32 bit x86 this is a multiplexing syscall for the system V ipc syscalls such as shmget, and so needs to be allowed for shared memory access for 32 bit binaries. Fixes #20733 Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-03-05 22:10:12 +00:00 · 2016-03-05 22:10:12 +00:00 · 31410a6d79
parent beb17c096d
commit 31410a6d79
2 changed files with 10 additions and 0 deletions
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@ -593,6 +593,11 @@
 			"action": "SCMP_ACT_ALLOW",
 			"args": []
 		},
+		{
+			"name": "ipc",
+			"action": "SCMP_ACT_ALLOW",
+			"args": []
+		},
 		{
 			"name": "kill",
 			"action": "SCMP_ACT_ALLOW",
--- a/profiles/seccomp/seccomp_default.go
+++ b/profiles/seccomp/seccomp_default.go
@ -625,6 +625,11 @@ var DefaultProfile = &types.Seccomp{
 			Action: types.ActAllow,
 			Args:   []*types.Arg{},
 		},
+		{
+			Name:   "ipc",
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+		},
 		{
 			Name:   "kill",
 			Action: types.ActAllow,