mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
a6a88b3145
These syscalls (some of which have been in Linux for a while but were
missing from the profile) fall into a few buckets:
* close_range(2), epoll_pwait2(2) are just extensions of existing "safe
for everyone" syscalls.
* The mountv2 API syscalls (fs*(2), move_mount(2), open_tree(2)) are
all equivalent to aspects of mount(2) and thus go into the
CAP_SYS_ADMIN category.
* process_madvise(2) is similar to the other process_*(2) syscalls and
thus goes in the CAP_SYS_PTRACE category.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
(cherry picked from commit
|
||
---|---|---|
.. | ||
fixtures | ||
default.json | ||
default_linux.go | ||
generate.go | ||
kernel_linux.go | ||
kernel_linux_test.go | ||
seccomp.go | ||
seccomp_linux.go | ||
seccomp_test.go | ||
seccomp_unsupported.go |