kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity
moby--moby/daemon/execdriver/native
History
Justin Cormack ac47ad8ea4 Add some uses of personality syscall to default seccomp filter 
We generally want to filter the personality(2) syscall, as it
allows disabling ASLR, and turning on some poorly supported
emulations that have been the target of CVEs. However the use
cases for reading the current value, setting the default
PER_LINUX personality, and setting PER_LINUX32 for 32 bit
emulation are fine.

See issue #20634

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 39b799ac53)
2016-03-07 16:36:41 -05:00
..
template Make mqueue container specific 2016-02-10 11:29:58 -05:00
apparmor.go fix proc regex 2016-01-06 10:08:35 -08:00
create.go /dev/mqueue should never be mounted readonly 2016-02-19 15:05:26 -05:00
driver.go Add synchronization and closure to IO pipes in userns path 2016-03-07 16:25:54 -05:00
driver_unsupported.go Fix declarations of of execdriver/native.NewDriver to have the same signature. 2016-01-02 19:55:37 +01:00
driver_unsupported_nocgo.go Fix declarations of of execdriver/native.NewDriver to have the same signature. 2016-01-02 19:55:37 +01:00
exec.go Add synchronization and closure to IO pipes in userns path 2016-03-07 16:25:54 -05:00
info.go Fix golint warnings for daemon/execdriver/* 2015-07-28 08:43:22 +08:00
init.go Update libcontainer 2015-07-16 16:02:26 -07:00
seccomp.go read seccomp profile locally then pass to daemon 2016-01-12 13:12:29 -08:00
seccomp_default.go Add some uses of personality syscall to default seccomp filter 2016-03-07 16:36:41 -05:00
seccomp_unsupported.go fix default profile where unsupported 2015-12-28 20:42:15 -08:00