add 32bit syscalls to whitelist
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
parent
17735c3c98
commit
a1747b3cc8
1 changed files with 157 additions and 2 deletions
|
@ -71,6 +71,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "chown32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "chroot",
|
Name: "chroot",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -208,6 +213,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "fadvise64_64",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "fallocate",
|
Name: "fallocate",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -243,6 +253,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "fchown32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "fchownat",
|
Name: "fchownat",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -253,6 +268,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "fcntl64",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "fdatasync",
|
Name: "fdatasync",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -293,11 +313,26 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "fstat64",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "fstatat64",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "fstatfs",
|
Name: "fstatfs",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "fstatfs64",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "fsync",
|
Name: "fsync",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -308,6 +343,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "ftruncate64",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "futex",
|
Name: "futex",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -343,21 +383,41 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "getegid32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "geteuid",
|
Name: "geteuid",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "geteuid32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "getgid",
|
Name: "getgid",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "getgid32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "getgroups",
|
Name: "getgroups",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "getgroups32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "getitimer",
|
Name: "getitimer",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -403,11 +463,21 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "getresgid32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "getresuid",
|
Name: "getresuid",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "getresuid32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "getrlimit",
|
Name: "getrlimit",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -458,6 +528,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "getuid32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "getxattr",
|
Name: "getxattr",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -533,6 +608,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "lchown32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "lgetxattr",
|
Name: "lgetxattr",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -583,6 +663,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "lstat64",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "madvise",
|
Name: "madvise",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -733,6 +818,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "_newselect",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "open",
|
Name: "open",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -1008,6 +1098,11 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "sendfile64",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "sendmmsg",
|
Name: "sendmmsg",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -1033,21 +1128,41 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "setfsgid32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "setfsuid",
|
Name: "setfsuid",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "setfsuid32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "setgid",
|
Name: "setgid",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "setgid32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "setgroups",
|
Name: "setgroups",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "setgroups32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "sethostname",
|
Name: "sethostname",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -1073,21 +1188,41 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "setregid32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "setresgid",
|
Name: "setresgid",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "setresgid32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "setresuid",
|
Name: "setresuid",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "setresuid32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "setreuid",
|
Name: "setreuid",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "setreuid32",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "setrlimit",
|
Name: "setrlimit",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -1119,12 +1254,12 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "settimeofday",
|
Name: "setuid",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "setuid",
|
Name: "setuid32",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
@ -1193,11 +1328,21 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "stat64",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "statfs",
|
Name: "statfs",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "statfs64",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "symlink",
|
Name: "symlink",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
@ -1308,6 +1453,16 @@ var defaultSeccompProfile = &configs.Seccomp{
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
Args: []*configs.Arg{},
|
Args: []*configs.Arg{},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "truncate64",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "ugetrlimit",
|
||||||
|
Action: configs.Allow,
|
||||||
|
Args: []*configs.Arg{},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Name: "umask",
|
Name: "umask",
|
||||||
Action: configs.Allow,
|
Action: configs.Allow,
|
||||||
|
|
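Review bot: The hunk at `@ -1119,12 +1254,12` does more than add a 32-bit name: it turns the `Name: "settimeofday",` entry into `setuid` and the old `setuid` entry into `setuid32`, so `settimeofday` drops out of the default allowlist (the 157 additions / 2 deletions in the diffstat match this reading), and the commit title does not mention it. If the removal is intended, state it in the commit message, because, assuming the profile's default action denies unlisted calls, a container that is granted CAP_SYS_TIME will now have the call refused by seccomp; if it is not intended, keep the `settimeofday` entry and add `setuid32` as a new five-line entry like the other additions. Separately, whether the new `*32`/`*64` names match anything for 32-bit binaries on a 64-bit host depends on the architectures configured on the filter, which is outside the visible hunks and worth confirming with a test that runs a 32-bit binary under the default profile. The `defaultSeccompProfile` literal starts and ends outside every hunk shown.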