moby--moby

History

clubby789 d39b075302 Enable `process_vm_readv` and `process_vm_writev` for kernel > 4.8 These syscalls were disabled in #18971 due to them requiring CAP_PTRACE. CAP_PTRACE was blocked by default due to a ptrace related exploit. This has been patched in the Linux kernel (version 4.8) and thus `ptrace` has been re-enabled. However, these associated syscalls seem to have been left behind. This commit brings them in line with `ptrace`, and re-enables it for kernel > 4.8. Signed-off-by: clubby789 <jamie@hill-daniel.co.uk>	2021-03-04 17:12:01 +00:00
..
apparmor	apparmor: permit signals from unconfined programs	2020-08-11 18:18:58 +10:00
seccomp	Enable `process_vm_readv` and `process_vm_writev` for kernel > 4.8	2021-03-04 17:12:01 +00:00

clubby789 d39b075302 Enable `process_vm_readv` and `process_vm_writev` for kernel > 4.8

These syscalls were disabled in #18971
due to them requiring CAP_PTRACE. CAP_PTRACE was blocked by default due
to a ptrace related exploit. This has been patched in the Linux kernel
(version 4.8) and thus `ptrace` has been re-enabled. However, these
associated syscalls seem to have been left behind. This commit brings
them in line with `ptrace`, and re-enables it for kernel > 4.8.

Signed-off-by: clubby789 <jamie@hill-daniel.co.uk>

2021-03-04 17:12:01 +00:00

apparmor

apparmor: permit signals from unconfined programs

2020-08-11 18:18:58 +10:00

seccomp

Enable `process_vm_readv` and `process_vm_writev` for kernel > 4.8

2021-03-04 17:12:01 +00:00