kotovalexarian-likes-github
/
moby--moby
mirror of https://github.com/moby/moby.git
1
0
Fork 0
Code Releases Activity

Block original umount syscall in default seccomp filter 

The original umount syscall without flags argument needs to
be blocked too.

Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
This commit is contained in:
Justin Cormack 2015-12-29 11:57:16 +00:00
parent eb551baf6f
commit 9be0d93cf7
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
daemon/execdriver/native/seccomp_default.go
View File

@ -298,6 +298,12 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Errno,
Args: []*configs.Arg{},
},
{
// Deny umount
Name: "umount",
Action: configs.Errno,
Args: []*configs.Arg{},
},
{
// Deny umount
Name: "umount2",