diff options
| author | Ashley Cui <acui@redhat.com> | 2020-07-16 21:49:47 -0400 |
|---|---|---|
| committer | Ashley Cui <acui@redhat.com> | 2020-07-21 14:22:30 -0400 |
| commit | d4d3fbc155419f4017064a65e718ad78d50115cc (patch) | |
| tree | 4f73ccfa606a6f8a0d4de07749ce2323687b870d /vendor/github.com/opencontainers/runtime-tools/generate/seccomp | |
| parent | df6920aa79073b2767d24c6524367384b6284b31 (diff) | |
| download | podman-d4d3fbc155419f4017064a65e718ad78d50115cc.tar.gz podman-d4d3fbc155419f4017064a65e718ad78d50115cc.tar.bz2 podman-d4d3fbc155419f4017064a65e718ad78d50115cc.zip | |
Add --umask flag for create, run
--umask sets the umask inside the container
Defaults to 0022
Co-authored-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Ashley Cui <acui@redhat.com>
Diffstat (limited to 'vendor/github.com/opencontainers/runtime-tools/generate/seccomp')
| -rw-r--r-- | vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go index 5fee5a3b2..8a8dc3970 100644 --- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go +++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go @@ -566,6 +566,20 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp { }, }...) /* Flags parameter of the clone syscall is the 2nd on s390 */ + syscalls = append(syscalls, []rspec.LinuxSyscall{ + { + Names: []string{"clone"}, + Action: rspec.ActAllow, + Args: []rspec.LinuxSeccompArg{ + { + Index: 1, + Value: 2080505856, + ValueTwo: 0, + Op: rspec.OpMaskedEqual, + }, + }, + }, + }...) } return &rspec.LinuxSeccomp{ |