We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Support compatible architectures with default seccomp rules

In the default seccomp rule, allow use of 32 bit syscalls on
64 bit architectures, so you can run x86 Linux images on x86_64
without disabling seccomp or using a custom rule.

Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Justin Cormack 9 years ago
parent
d8e06d54cf
commit
ca3ae72e43
1 changed files with 26 additions and 0 deletions
Split View Show Diff Stats
  1. 26 0
      daemon/execdriver/native/seccomp_default.go

+ 26 - 0
daemon/execdriver/native/seccomp_default.go
View File 

@@ -6,10 +6,36 @@ import (
 
 	"syscall"
 
 
 	"github.com/opencontainers/runc/libcontainer/configs"
 
+	libseccomp "github.com/seccomp/libseccomp-golang"
 
 )
 
 
+func arches() []string {
 
+	var native, err = libseccomp.GetNativeArch()
 
+	if err != nil {
 
+		return []string{}
 
+	}
 
+	var a = native.String()
 
+	switch a {
 
+	case "amd64":
 
+		return []string{"amd64", "x86"}
 
+	case "arm64":
 
+		return []string{"arm64", "arm"}
 
+	case "mips64":
 
+		return []string{"mips64", "mips64n32", "mips"}
 
+	case "mips64n32":
 
+		return []string{"mips64", "mips64n32", "mips"}
 
+	case "mipsel64":
 
+		return []string{"mipsel64", "mipsel64n32", "mipsel"}
 
+	case "mipsel64n32":
 
+		return []string{"mipsel64", "mipsel64n32", "mipsel"}
 
+	default:
 
+		return []string{a}
 
+	}
 
+}
 
+
 
 var defaultSeccompProfile = &configs.Seccomp{
 
 	DefaultAction: configs.Errno,
 
+	Architectures: arches(),
 
 	Syscalls: []*configs.Syscall{
 
 		{
 
 			Name:   "accept",

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5