add 32bit syscalls to whitelist

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-12-29 13:48:31 -08:00 · 2015-12-29 13:48:31 -08:00 · a1747b3cc8
parent 17735c3c98
commit a1747b3cc8
1 changed files with 157 additions and 2 deletions
--- a/daemon/execdriver/native/seccomp_default.go
+++ b/daemon/execdriver/native/seccomp_default.go
@ -71,6 +71,11 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "chown32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "chroot",
 			Action: configs.Allow,
@ -208,6 +213,11 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "fadvise64_64",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "fallocate",
 			Action: configs.Allow,
@ -243,6 +253,11 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "fchown32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "fchownat",
 			Action: configs.Allow,
@ -253,6 +268,11 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "fcntl64",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "fdatasync",
 			Action: configs.Allow,
@ -293,11 +313,26 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "fstat64",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
+		{
+			Name:   "fstatat64",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "fstatfs",
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "fstatfs64",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "fsync",
 			Action: configs.Allow,
@ -308,6 +343,11 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "ftruncate64",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "futex",
 			Action: configs.Allow,
@ -343,21 +383,41 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "getegid32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "geteuid",
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "geteuid32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "getgid",
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "getgid32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "getgroups",
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "getgroups32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "getitimer",
 			Action: configs.Allow,
@ -403,11 +463,21 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "getresgid32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "getresuid",
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "getresuid32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "getrlimit",
 			Action: configs.Allow,
@ -458,6 +528,11 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "getuid32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "getxattr",
 			Action: configs.Allow,
@ -533,6 +608,11 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "lchown32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "lgetxattr",
 			Action: configs.Allow,
@ -583,6 +663,11 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "lstat64",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "madvise",
 			Action: configs.Allow,
@ -733,6 +818,11 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "_newselect",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "open",
 			Action: configs.Allow,
@ -1008,6 +1098,11 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "sendfile64",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "sendmmsg",
 			Action: configs.Allow,
@ -1033,21 +1128,41 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "setfsgid32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "setfsuid",
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "setfsuid32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "setgid",
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "setgid32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "setgroups",
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "setgroups32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "sethostname",
 			Action: configs.Allow,
@ -1073,21 +1188,41 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "setregid32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "setresgid",
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "setresgid32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "setresuid",
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "setresuid32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "setreuid",
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "setreuid32",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "setrlimit",
 			Action: configs.Allow,
@ -1119,12 +1254,12 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Args:   []*configs.Arg{},
 		},
 		{
-			Name:   "settimeofday",
+			Name:   "setuid",
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
 		{
-			Name:   "setuid",
+			Name:   "setuid32",
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
@ -1193,11 +1328,21 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "stat64",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "statfs",
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "statfs64",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "symlink",
 			Action: configs.Allow,
@ -1308,6 +1453,16 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
+		{
+			Name:   "truncate64",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
+		{
+			Name:   "ugetrlimit",
+			Action: configs.Allow,
+			Args:   []*configs.Arg{},
+		},
 		{
 			Name:   "umask",
 			Action: configs.Allow,