Support compatible architectures with default seccomp rules

In the default seccomp rule, allow use of 32-bit syscalls on
64-bit architectures, so you can run x86 Linux images on x86_64
without disabling seccomp or using a custom rule.

Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Justin Cormack 2016-01-05 14:27:32 +00:00 committed by Jessica Frazelle
parent d8e06d54cf
commit ca3ae72e43
No known key found for this signature in database
GPG Key ID: 18F3685C0022BFF3
1 changed files with 26 additions and 0 deletions


@ -6,10 +6,36 @@ import (
"syscall"
"github.com/opencontainers/runc/libcontainer/configs"
libseccomp "github.com/seccomp/libseccomp-golang"
)
func arches() []string {
var native, err = libseccomp.GetNativeArch()
if err != nil {
return []string{}
}
var a = native.String()
switch a {
case "amd64":
return []string{"amd64", "x86"}
case "arm64":
return []string{"arm64", "arm"}
case "mips64":
return []string{"mips64", "mips64n32", "mips"}
case "mips64n32":
return []string{"mips64", "mips64n32", "mips"}
case "mipsel64":
return []string{"mipsel64", "mipsel64n32", "mipsel"}
case "mipsel64n32":
return []string{"mipsel64", "mipsel64n32", "mipsel"}
default:
return []string{a}
}
}
var defaultSeccompProfile = &configs.Seccomp{
DefaultAction: configs.Errno,
Architectures: arches(),
Syscalls: []*configs.Syscall{
{
Name: "accept",