kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Merge pull request #37929 from justincormack/syslog

Browse source 
Move the syslog syscall to be gated by CAP_SYS_ADMIN or CAP_SYSLOG
This commit is contained in:
Sebastiaan van Stijn 2018-10-02 20:13:17 +02:00 committed by GitHub
commit 9267f34f6d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
profiles/seccomp/default.json
View file

@ -329,7 +329,6 @@
"sync_file_range", "sync_file_range",
"syncfs", "syncfs",
"sysinfo", "sysinfo",
"syslog",
"tee", "tee",
"tgkill", "tgkill",
"time", "time",
@ -561,6 +560,7 @@
"setdomainname", "setdomainname",
"sethostname", "sethostname",
"setns", "setns",
"syslog",
"umount", "umount",
"umount2", "umount2",
"unshare" "unshare"
@ -762,6 +762,20 @@
] ]
}, },
"excludes": {} "excludes": {}
},
{
"names": [
"syslog"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"caps": [
"CAP_SYSLOG"
]
},
"excludes": {}
} }
] ]
} }

12
profiles/seccomp/seccomp_default.go
View file

@ -322,7 +322,6 @@ func DefaultProfile() *types.Seccomp {
"sync_file_range", "sync_file_range",
"syncfs", "syncfs",
"sysinfo", "sysinfo",
"syslog",
"tee", "tee",
"tgkill", "tgkill",
"time", "time",
@ -492,6 +491,7 @@ func DefaultProfile() *types.Seccomp {
"setdomainname", "setdomainname",
"sethostname", "sethostname",
"setns", "setns",
"syslog",
"umount", "umount",
"umount2", "umount2",
"unshare", "unshare",
@ -642,6 +642,16 @@ func DefaultProfile() *types.Seccomp {
Caps: []string{"CAP_SYS_NICE"}, Caps: []string{"CAP_SYS_NICE"},
}, },
}, },
{
Names: []string{
"syslog",
},
Action: types.ActAllow,
Args: []*types.Arg{},
Includes: types.Filter{
Caps: []string{"CAP_SYSLOG"},
},
},
} }
return &types.Seccomp{ return &types.Seccomp{