kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

seccomp: allow 'rseq' syscall in default seccomp profile

Browse source 
Restartable Sequences (rseq) are a kernel-based mechanism for fast
update operations on per-core data in user-space. Some libraries, like
the newest version of Google's TCMalloc, depend on it [1].

This also makes dockers default seccomp profile on par with systemd's,
which enabled 'rseq' in early 2019 [2].

1: https://google.github.io/tcmalloc/design.html
2: 6fee3be0b4

Signed-off-by: Florian Schmaus <flo@geekplace.eu>
This commit is contained in:
Florian Schmaus 2020-06-26 15:33:50 +02:00
parent 07cea2edf0
commit d0d99b04cf
2 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
profiles/seccomp/default.json
View file

@ -262,6 +262,7 @@
"renameat2",
"restart_syscall",
"rmdir",
"rseq",
"rt_sigaction",
"rt_sigpending",
"rt_sigprocmask",

1
profiles/seccomp/seccomp_default.go
View file

@ -255,6 +255,7 @@ func DefaultProfile() *types.Seccomp {
"renameat2",
"restart_syscall",
"rmdir",
"rseq",
"rt_sigaction",
"rt_sigpending",
"rt_sigprocmask",