kotovalexarian-likes-github
/
moby--moby
mirror of https://github.com/moby/moby.git
1
0
Fork 0
Code Releases Activity
moby--moby/contrib/syscall-test
History
Justin Cormack dcf2632945 Revert "Block obsolete socket families in the default seccomp profile" 
This reverts commit 7e3a596a63.

Unfortunately, it was pointed out in https://github.com/moby/moby/pull/29076#commitcomment-21831387
that the `socketcall` syscall takes a pointer to a struct so it is not possible to
use seccomp profiles to filter it. This means these cannot be blocked as you can
use `socketcall` to call them regardless, as we currently allow 32 bit syscalls.

Users who wish to block these should use a seccomp profile that blocks all
32 bit syscalls and then just block the non socketcall versions.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 		2017-05-09 14:26:00 +01:00
..
Dockerfile Revert "Block obsolete socket families in the default seccomp profile" 2017-05-09 14:26:00 +01:00
acct.c
exit32.s Add a test that the default seccomp profile allows execution of 32 bit binaries 2016-07-27 18:42:34 +01:00
ns.c fix some typos from module contrib to man 2017-02-18 10:08:55 +08:00
raw.c Use runc version built without ambient capabilities 2016-11-04 17:25:28 +00:00
setgid.c Use runc version built without ambient capabilities 2016-11-04 17:25:28 +00:00
setuid.c Use runc version built without ambient capabilities 2016-11-04 17:25:28 +00:00
socket.c Use runc version built without ambient capabilities 2016-11-04 17:25:28 +00:00
userns.c fix some typos from module contrib to man 2017-02-18 10:08:55 +08:00