Add ipc syscall to default seccomp profile

On 32 bit x86 this is a multiplexing syscall for the System V
ipc syscalls such as shmget, and so needs to be allowed for
shared memory access for 32 bit binaries.

Fixes #20733

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Justin Cormack, 9 years ago
Parent
Commit
31410a6d79
2 files changed, with 10 insertions and 0 deletions
  1. 5 0
      profiles/seccomp/default.json
  2. 5 0
      profiles/seccomp/seccomp_default.go

+ 5 - 0
profiles/seccomp/default.json

@@ -593,6 +593,11 @@
 			"action": "SCMP_ACT_ALLOW",
 			"action": "SCMP_ACT_ALLOW",
 			"args": []
 			"args": []
 		},
 		},
+		{
+			"name": "ipc",
+			"action": "SCMP_ACT_ALLOW",
+			"args": []
+		},
 		{
 		{
 			"name": "kill",
 			"name": "kill",
 			"action": "SCMP_ACT_ALLOW",
 			"action": "SCMP_ACT_ALLOW",
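
Review bot: the new "ipc" entry is allowed with "args": [], so the rule permits every call the multiplexer can dispatch, while the commit message motivates it only by shared memory access (shmget and similar) for 32 bit binaries. If the intent is parity with whatever direct System V IPC syscalls the profile allows elsewhere, state that in the commit message so the scope is explicit; if only shared memory is meant, consider an args condition on the first argument, the call selector, so the allowlist does not widen further than the fix needs. JSON cannot carry a comment, so the reason for this entry will otherwise live only in the commit log.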

+ 5 - 0
profiles/seccomp/seccomp_default.go

@@ -625,6 +625,11 @@ var DefaultProfile = &types.Seccomp{
 			Action: types.ActAllow,
 			Action: types.ActAllow,
 			Args:   []*types.Arg{},
 			Args:   []*types.Arg{},
 		},
 		},
+		{
+			Name:   "ipc",
+			Action: types.ActAllow,
+			Args:   []*types.Arg{},
+		},
 		{
 		{
 			Name:   "kill",
 			Name:   "kill",
 			Action: types.ActAllow,
 			Action: types.ActAllow,
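
Review bot: the "ipc" entry added to DefaultProfile has no comment, and nothing in the struct tells a later reader that it exists for 32 bit x86, where ipc multiplexes the System V IPC calls. A one-line comment above Name: "ipc" would record that. The same five lines are also added by hand to profiles/seccomp/default.json, so the two lists can drift apart; a test that compares default.json against DefaultProfile, or generating the JSON from this struct, would catch a mismatch.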