0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

seccomp: whitelist quotactl with CAP_SYS_ADMIN

Browse source 
The quotactl syscall is being whitelisted in default seccomp profile,
gated by CAP_SYS_ADMIN.

Signed-off-by: Panagiotis Moustafellos <pmoust@elastic.co>
This commit is contained in:
Panagiotis Moustafellos 2017-08-08 20:01:53 +03:00
parent 526fc40145
commit cf6e1c5dfd
No known key found for this signature in database
GPG key ID: 893B8BDCDD71357E
2 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
profiles/seccomp/default.json
View file

@ -557,6 +557,7 @@
"mount",
"name_to_handle_at",
"perf_event_open",
"quotactl",
"setdomainname",
"sethostname",
"setns",

1
profiles/seccomp/seccomp_default.go
View file

@ -488,6 +488,7 @@ func DefaultProfile() *types.Seccomp {
"mount",
"name_to_handle_at",
"perf_event_open",
"quotactl",
"setdomainname",
"sethostname",
"setns",