We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #43199 from Xyene/allow-landlock

seccomp: add support for Landlock syscalls in default policy
Sebastiaan van Stijn 3 years ago
parent
a75620086f af819bf623
commit
e9712464ad
2 changed files with 6 additions and 0 deletions
Unified View Show Diff Stats
  1. 3 0
      profiles/seccomp/default.json
  2. 3 0
      profiles/seccomp/default_linux.go

+ 3 - 0
profiles/seccomp/default.json
View File 

@@ -183,6 +183,9 @@
 
 				"io_uring_setup",
 
 				"io_uring_setup",
 
 				"ipc",
 
 				"ipc",
 
 				"kill",
 
 				"kill",
 
+				"landlock_add_rule",
 
+				"landlock_create_ruleset",
 
+				"landlock_restrict_self",
 
 				"lchown",
 
 				"lchown",
 
 				"lchown32",
 
 				"lchown32",
 
 				"lgetxattr",
 
 				"lgetxattr",

+ 3 - 0
profiles/seccomp/default_linux.go
View File 

@@ -175,6 +175,9 @@ func DefaultProfile() *Seccomp {
 
 					"io_uring_setup",
 
 					"io_uring_setup",
 
 					"ipc",
 
 					"ipc",
 
 					"kill",
 
 					"kill",
 
+					"landlock_add_rule",
 
+					"landlock_create_ruleset",
 
+					"landlock_restrict_self",
 
 					"lchown",
 
 					"lchown",
 
 					"lchown32",
 
 					"lchown32",
 
 					"lgetxattr",
 
 					"lgetxattr",

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5