6 年之前 · ccd22ffcc8
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@@ -329,7 +329,6 @@
 
				 				"sync_file_range",
			
 
				 				"syncfs",
			
 
				 				"sysinfo",
			
 
				-				"syslog",
			
 
				 				"tee",
			
 
				 				"tgkill",
			
 
				 				"time",
			
@@ -561,6 +560,7 @@
 
				 				"setdomainname",
			
 
				 				"sethostname",
			
 
				 				"setns",
			
 
				+				"syslog",
			
 
				 				"umount",
			
 
				 				"umount2",
			
 
				 				"unshare"
			
@@ -762,6 +762,20 @@
 
				 				]
			
 
				 			},
			
 
				 			"excludes": {}
			
 
				+		},
			
 
				+		{
			
 
				+			"names": [
			
 
				+				"syslog"
			
 
				+			],
			
 
				+			"action": "SCMP_ACT_ALLOW",
			
 
				+			"args": [],
			
 
				+			"comment": "",
			
 
				+			"includes": {
			
 
				+				"caps": [
			
 
				+					"CAP_SYSLOG"
			
 
				+				]
			
 
				+			},
			
 
				+			"excludes": {}
			
 
				 		}
			
 
				 	]
			
 
				 }
			
--- a/profiles/seccomp/seccomp_default.go
+++ b/profiles/seccomp/seccomp_default.go
@@ -322,7 +322,6 @@ func DefaultProfile() *types.Seccomp {
 
				 				"sync_file_range",
			
 
				 				"syncfs",
			
 
				 				"sysinfo",
			
 
				-				"syslog",
			
 
				 				"tee",
			
 
				 				"tgkill",
			
 
				 				"time",
			
@@ -492,6 +491,7 @@ func DefaultProfile() *types.Seccomp {
 
				 				"setdomainname",
			
 
				 				"sethostname",
			
 
				 				"setns",
			
 
				+				"syslog",
			
 
				 				"umount",
			
 
				 				"umount2",
			
 
				 				"unshare",
			
@@ -642,6 +642,16 @@ func DefaultProfile() *types.Seccomp {
 
				 				Caps: []string{"CAP_SYS_NICE"},
			
 
				 			},
			
 
				 		},
			
 
				+		{
			
 
				+			Names: []string{
			
 
				+				"syslog",
			
 
				+			},
			
 
				+			Action: types.ActAllow,
			
 
				+			Args:   []*types.Arg{},
			
 
				+			Includes: types.Filter{
			
 
				+				Caps: []string{"CAP_SYSLOG"},
			
 
				+			},
			
 
				+		},
			
 
				 	}
			
 
				 
			
 
				 	return &types.Seccomp{