Merge pull request #18968 from justincormack/stime

Block stime in default seccomp profile
2015-12-29 10:07:40 -08:00 · 2015-12-29 10:07:40 -08:00 · 294336a1af
commit 294336a1af
parent 31bd242cba 6300a08be9
1 changed files with 6 additions and 0 deletions
--- a/daemon/execdriver/native/seccomp_default.go
+++ b/daemon/execdriver/native/seccomp_default.go
@ -280,6 +280,12 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Errno,
 			Args:   []*configs.Arg{},
 		},
+		{
+			// Time/Date is not namespaced
+			Name:   "stime",
+			Action: configs.Errno,
+			Args:   []*configs.Arg{},
+		},
 		{
 			// Deny start/stop swapping to file/device
 			Name:   "swapon",