1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

add 32bit syscalls to whitelist

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
This commit is contained in:
Jessica Frazelle 2015-12-29 13:48:31 -08:00
parent 17735c3c98
commit a1747b3cc8
No known key found for this signature in database
GPG key ID: 18F3685C0022BFF3

View file

@ -71,6 +71,11 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "chown32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "chroot", Name: "chroot",
Action: configs.Allow, Action: configs.Allow,
@ -208,6 +213,11 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "fadvise64_64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "fallocate", Name: "fallocate",
Action: configs.Allow, Action: configs.Allow,
@ -243,6 +253,11 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "fchown32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "fchownat", Name: "fchownat",
Action: configs.Allow, Action: configs.Allow,
@ -253,6 +268,11 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "fcntl64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "fdatasync", Name: "fdatasync",
Action: configs.Allow, Action: configs.Allow,
@ -293,11 +313,26 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "fstat64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "fstatat64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "fstatfs", Name: "fstatfs",
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "fstatfs64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "fsync", Name: "fsync",
Action: configs.Allow, Action: configs.Allow,
@ -308,6 +343,11 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "ftruncate64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "futex", Name: "futex",
Action: configs.Allow, Action: configs.Allow,
@ -343,21 +383,41 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "getegid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "geteuid", Name: "geteuid",
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "geteuid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "getgid", Name: "getgid",
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "getgid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "getgroups", Name: "getgroups",
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "getgroups32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "getitimer", Name: "getitimer",
Action: configs.Allow, Action: configs.Allow,
@ -403,11 +463,21 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "getresgid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "getresuid", Name: "getresuid",
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "getresuid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "getrlimit", Name: "getrlimit",
Action: configs.Allow, Action: configs.Allow,
@ -458,6 +528,11 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "getuid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "getxattr", Name: "getxattr",
Action: configs.Allow, Action: configs.Allow,
@ -533,6 +608,11 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "lchown32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "lgetxattr", Name: "lgetxattr",
Action: configs.Allow, Action: configs.Allow,
@ -583,6 +663,11 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "lstat64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "madvise", Name: "madvise",
Action: configs.Allow, Action: configs.Allow,
@ -733,6 +818,11 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "_newselect",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "open", Name: "open",
Action: configs.Allow, Action: configs.Allow,
@ -1008,6 +1098,11 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "sendfile64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "sendmmsg", Name: "sendmmsg",
Action: configs.Allow, Action: configs.Allow,
@ -1033,21 +1128,41 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "setfsgid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "setfsuid", Name: "setfsuid",
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "setfsuid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "setgid", Name: "setgid",
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "setgid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "setgroups", Name: "setgroups",
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "setgroups32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "sethostname", Name: "sethostname",
Action: configs.Allow, Action: configs.Allow,
@ -1073,21 +1188,41 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "setregid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "setresgid", Name: "setresgid",
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "setresgid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "setresuid", Name: "setresuid",
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "setresuid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "setreuid", Name: "setreuid",
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "setreuid32",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "setrlimit", Name: "setrlimit",
Action: configs.Allow, Action: configs.Allow,
@ -1119,12 +1254,12 @@ var defaultSeccompProfile = &configs.Seccomp{
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{ {
Name: "settimeofday", Name: "setuid",
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{ {
Name: "setuid", Name: "setuid32",
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
@ -1193,11 +1328,21 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "stat64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "statfs", Name: "statfs",
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "statfs64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "symlink", Name: "symlink",
Action: configs.Allow, Action: configs.Allow,
@ -1308,6 +1453,16 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow, Action: configs.Allow,
Args: []*configs.Arg{}, Args: []*configs.Arg{},
}, },
{
Name: "truncate64",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "ugetrlimit",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{ {
Name: "umask", Name: "umask",
Action: configs.Allow, Action: configs.Allow,