From b8988c84751d440eaa2978df7bb89faeeb6a520c Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Sun, 16 Aug 2020 15:58:57 +0800 Subject: [PATCH 1/2] Add openat2 to default seccomp profile. follow up to https://github.com/moby/moby/pull/41344#discussion_r469919978 Signed-off-by: Jintao Zhang --- profiles/seccomp/default.json | 1 + profiles/seccomp/seccomp_default.go | 1 + 2 files changed, 2 insertions(+) diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json index 4e83d1ac81..c1b55623a9 100644 --- a/profiles/seccomp/default.json +++ b/profiles/seccomp/default.json @@ -229,6 +229,7 @@ "_newselect", "open", "openat", + "openat2", "pause", "pipe", "pipe2", diff --git a/profiles/seccomp/seccomp_default.go b/profiles/seccomp/seccomp_default.go index 644481533f..99e6d4d928 100644 --- a/profiles/seccomp/seccomp_default.go +++ b/profiles/seccomp/seccomp_default.go @@ -222,6 +222,7 @@ func DefaultProfile() *types.Seccomp { "_newselect", "open", "openat", + "openat2", "pause", "pipe", "pipe2", From a18139111d8a203bd211b0861c281ebe77daccd9 Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Mon, 17 Aug 2020 21:13:03 +0800 Subject: [PATCH 2/2] Add faccessat2 to default seccomp profile. Signed-off-by: Jintao Zhang --- profiles/seccomp/default.json | 1 + profiles/seccomp/seccomp_default.go | 1 + 2 files changed, 2 insertions(+) diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json index c1b55623a9..ee1e91193a 100644 --- a/profiles/seccomp/default.json +++ b/profiles/seccomp/default.json @@ -94,6 +94,7 @@ "exit", "exit_group", "faccessat", + "faccessat2", "fadvise64", "fadvise64_64", "fallocate", diff --git a/profiles/seccomp/seccomp_default.go b/profiles/seccomp/seccomp_default.go index 99e6d4d928..5f4efe02c4 100644 --- a/profiles/seccomp/seccomp_default.go +++ b/profiles/seccomp/seccomp_default.go @@ -87,6 +87,7 @@ func DefaultProfile() *types.Seccomp { "exit", "exit_group", "faccessat", + "faccessat2", "fadvise64", "fadvise64_64", "fallocate",