mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/profiles/seccomp
Aleksa Sarai a6a88b3145
profiles: seccomp: update to Linux 5.11 syscall list
These syscalls (some of which have been in Linux for a while but were
missing from the profile) fall into a few buckets:

 * close_range(2), epoll_pwait2(2) are just extensions of existing "safe
   for everyone" syscalls.

 * The mountv2 API syscalls (fs*(2), move_mount(2), open_tree(2)) are
   all equivalent to aspects of mount(2) and thus go into the
   CAP_SYS_ADMIN category.

 * process_madvise(2) is similar to the other process_*(2) syscalls and
   thus goes in the CAP_SYS_PTRACE category.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
(cherry picked from commit 54eff4354b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-17 21:22:12 +01:00
fixtures seccomp: remove dependency on oci package 2020-09-29 19:39:15 +02:00
default.json profiles: seccomp: update to Linux 5.11 syscall list 2021-02-17 21:22:12 +01:00
default_linux.go profiles: seccomp: update to Linux 5.11 syscall list 2021-02-17 21:22:12 +01:00
generate.go New seccomp format 2016-09-01 11:53:07 +02:00
kernel_linux.go seccomp: implement marshal/unmarshall for MinVersion 2020-10-07 17:48:25 +02:00
kernel_linux_test.go seccomp: implement marshal/unmarshall for MinVersion 2020-10-07 17:48:25 +02:00
seccomp.go seccomp: implement marshal/unmarshall for MinVersion 2020-10-07 17:48:25 +02:00
seccomp_linux.go seccomp: implement marshal/unmarshall for MinVersion 2020-10-07 17:48:25 +02:00
seccomp_test.go seccomp: implement marshal/unmarshall for MinVersion 2020-10-07 17:48:25 +02:00
seccomp_unsupported.go seccomp: move seccomp types from api into seccomp profile 2020-09-18 18:14:16 +02:00