summaryrefslogtreecommitdiff
path: root/seccomp.json
diff options
context:
space:
mode:
authorValentin Rothberg <vrothberg@suse.com>2018-11-08 14:10:39 +0100
committerValentin Rothberg <vrothberg@suse.com>2018-11-08 14:21:00 +0100
commit19faaba94592bb8087ec68569398236af6654ef3 (patch)
tree6c5fb3d7fd6efb0a672e24138bab4dfe9b4d89e4 /seccomp.json
parent76360d9a6ef73f694138766b81f380e45a860556 (diff)
downloadpodman-19faaba94592bb8087ec68569398236af6654ef3.tar.gz
podman-19faaba94592bb8087ec68569398236af6654ef3.tar.bz2
podman-19faaba94592bb8087ec68569398236af6654ef3.zip
update seccomp.json
Merge the following changes from the upstream Moby seccomp profile: * commit b2a907c8cab6 ("Whitelist statx syscall for libseccomp-2.3.3 onward") * commit 47dfff68e436 ("Whitelist syscalls linked to CAP_SYS_NICE in default seccomp profile") * commit ccd22ffcc8b5 ("Move the syslog syscall to be gated by CAP_SYS_ADMIN or CAP_SYSLOG") Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Diffstat (limited to 'seccomp.json')
-rw-r--r--seccomp.json33
1 files changed, 32 insertions, 1 deletions
diff --git a/seccomp.json b/seccomp.json
index 19fadb4bb..fd0681a86 100644
--- a/seccomp.json
+++ b/seccomp.json
@@ -322,13 +322,13 @@
"stat64",
"statfs",
"statfs64",
+ "statx",
"symlink",
"symlinkat",
"sync",
"sync_file_range",
"syncfs",
"sysinfo",
- "syslog",
"tee",
"tgkill",
"time",
@@ -565,6 +565,7 @@
"setdomainname",
"sethostname",
"setns",
+ "syslog",
"umount",
"umount2",
"unshare"
@@ -750,6 +751,36 @@
]
},
"excludes": {}
+ },
+ {
+ "names": [
+ "get_mempolicy",
+ "mbind",
+ "set_mempolicy"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_NICE"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "syslog"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYSLOG"
+ ]
+ },
+ "excludes": {}
}
]
}