mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/integration-cli
Justin Cormack 7e3a596a63 Block obsolete socket families in the default seccomp profile
Linux supports many obsolete address families, which are usually available in
common distro kernels, but they are less likely to be properly audited and
may have security issues.

This blocks all socket families in the socket (and socketcall where applicable) syscall
except:
- AF_UNIX - Unix domain sockets
- AF_INET - IPv4
- AF_INET6 - IPv6
- AF_NETLINK - Netlink sockets for communicating with the kernel
- AF_PACKET - raw sockets, which are only allowed with CAP_NET_RAW

All other socket families are blocked, including Appletalk (native, not
over IP), IPX (remember that!), VSOCK and HVSOCK, which should not generally
be used in containers, etc.

Note that users can of course provide a profile per container or in the daemon
config if they have unusual use cases that require these.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-01-17 17:50:44 +00:00
checker Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
daemon Fix leaked connections in integration tests 2017-01-11 14:48:48 -08:00
environment Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
fixtures Add integration test for stack deploy. 2016-11-10 11:28:18 -05:00
registry Avoid defunct registry/notary processes during tests 2017-01-13 17:45:14 -08:00
request Fix leaked connections in integration tests 2017-01-11 14:48:48 -08:00
requirement Display only the name of the requirement… 2016-12-26 21:29:17 +01:00
benchmark_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
check_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
daemon_swarm_hack_test.go Small cleanups on integration cli 2017-01-12 16:57:59 +01:00
docker_api_attach_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_api_auth_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_api_build_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_api_containers_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_api_create_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_api_events_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_api_exec_resize_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_api_exec_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_api_images_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_api_info_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_api_inspect_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_api_inspect_unix_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_api_logs_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_api_network_test.go Fix leaked connections in integration tests 2017-01-11 14:48:48 -08:00
docker_api_resize_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_api_service_update_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_api_stats_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_api_stats_unix_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_api_swarm_test.go Add test for swarm error handling 2017-01-05 15:46:07 -08:00
docker_api_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_api_update_unix_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_api_version_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_api_volumes_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_cli_attach_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_attach_unix_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_authz_plugin_v2_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_authz_unix_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_build_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_build_unix_test.go Update trustedCmd to be compatible with testutil/cmd 2017-01-09 11:07:05 +01:00
docker_cli_by_digest_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_commit_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_config_test.go Update trustedCmd to be compatible with testutil/cmd 2017-01-09 11:07:05 +01:00
docker_cli_cp_from_container_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_cp_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_cp_to_container_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_cp_to_container_unix_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_cp_utils.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_create_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_daemon_plugins_test.go Update trustedCmd to be compatible with testutil/cmd 2017-01-09 11:07:05 +01:00
docker_cli_daemon_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_diff_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_events_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_events_unix_test.go support registry mirror config reload 2017-01-04 11:04:00 +08:00
docker_cli_exec_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_cli_exec_unix_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_experimental_test.go Small cleanups on integration cli 2017-01-12 16:57:59 +01:00
docker_cli_export_import_test.go Update trustedCmd to be compatible with testutil/cmd 2017-01-09 11:07:05 +01:00
docker_cli_external_graphdriver_unix_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_external_volume_driver_unix_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_health_test.go Small cleanups on integration cli 2017-01-12 16:57:59 +01:00
docker_cli_help_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_history_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_images_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_import_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_info_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_info_unix_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_inspect_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_kill_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_cli_links_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_links_unix_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_login_test.go Merge pull request #29799 from vdemeester/integration-registry-package 2017-01-02 15:37:09 +01:00
docker_cli_logout_test.go Merge pull request #29799 from vdemeester/integration-registry-package 2017-01-02 15:37:09 +01:00
docker_cli_logs_bench_test.go
docker_cli_logs_test.go Small cleanups on integration cli 2017-01-12 16:57:59 +01:00
docker_cli_nat_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_netmode_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_network_unix_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_oom_killed_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_pause_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_plugins_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_port_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_proxy_test.go Update trustedCmd to be compatible with testutil/cmd 2017-01-09 11:07:05 +01:00
docker_cli_prune_unix_test.go Add --filter until=<timestamp> for docker container/image prune 2017-01-04 14:16:42 -08:00
docker_cli_ps_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_pull_local_test.go Merge pull request #29947 from vdemeester/integration-some-runCommandWithOutput-clean 2017-01-10 15:56:42 +01:00
docker_cli_pull_test.go *: use opencontainers/go-digest package 2017-01-06 18:48:41 -08:00
docker_cli_pull_trusted_test.go Update trustedCmd to be compatible with testutil/cmd 2017-01-09 11:07:05 +01:00
docker_cli_push_test.go Update trustedCmd to be compatible with testutil/cmd 2017-01-09 11:07:05 +01:00
docker_cli_registry_user_agent_test.go Fix leaked connections in integration tests 2017-01-11 14:48:48 -08:00
docker_cli_rename_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_restart_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_rm_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_rmi_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_run_test.go Merge pull request #30138 from vdemeester/integration-use-testenv 2017-01-17 14:31:49 +01:00
docker_cli_run_unix_test.go Block obsolete socket families in the default seccomp profile 2017-01-17 17:50:44 +00:00
docker_cli_save_load_test.go *: use opencontainers/go-digest package 2017-01-06 18:48:41 -08:00
docker_cli_save_load_unix_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_search_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_secret_create_test.go remove -f on secret create and unify usage with other commands 2017-01-06 14:07:48 -08:00
docker_cli_secret_inspect_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_service_create_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_service_health_test.go Small cleanups on integration cli 2017-01-12 16:57:59 +01:00
docker_cli_service_logs_experimental_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_service_scale_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_service_update_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_sni_test.go
docker_cli_stack_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_start_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_stats_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_stop_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_swarm_test.go Allow swarm init with --availability=drain 2017-01-10 16:31:51 -08:00
docker_cli_swarm_unix_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_tag_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_top_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_update_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_cli_update_unix_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_cli_userns_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_v2_only_test.go Fix leaked connections in integration tests 2017-01-11 14:48:48 -08:00
docker_cli_version_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
docker_cli_volume_test.go Merge pull request #29947 from vdemeester/integration-some-runCommandWithOutput-clean 2017-01-10 15:56:42 +01:00
docker_cli_wait_test.go Update trustedCmd to be compatible with testutil/cmd 2017-01-09 11:07:05 +01:00
docker_deprecated_api_v124_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_deprecated_api_v124_unix_test.go Add a new request package in integration-cli 2017-01-03 11:49:30 +01:00
docker_experimental_network_test.go Small cleanups on integration cli 2017-01-12 16:57:59 +01:00
docker_hub_pull_suite_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
docker_utils_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
events_utils_test.go Remove pkg/integration and move it to testutil or integration-cli 2016-12-30 18:26:34 +01:00
fixtures_linux_daemon_test.go Block obsolete socket families in the default seccomp profile 2017-01-17 17:50:44 +00:00
fixtures_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
requirements_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
requirements_unix_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
test_vars_exec_test.go Introduce a environment package in integration-cli 2016-12-29 11:00:50 +01:00
test_vars_noexec_test.go Introduce a environment package in integration-cli 2016-12-29 11:00:50 +01:00
test_vars_noseccomp_test.go Introduce a environment package in integration-cli 2016-12-29 11:00:50 +01:00
test_vars_seccomp_test.go Introduce a environment package in integration-cli 2016-12-29 11:00:50 +01:00
test_vars_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00
test_vars_unix_test.go Introduce a environment package in integration-cli 2016-12-29 11:00:50 +01:00
test_vars_windows_test.go Introduce a environment package in integration-cli 2016-12-29 11:00:50 +01:00
trust_server_test.go Merge pull request #30151 from tonistiigi/fix-defunct 2017-01-16 08:55:16 +01:00
utils_test.go Use testEnv methods and remove most of the global variables 2017-01-17 12:39:08 +01:00