beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

seccomp: add fchmodat2 syscall (kernel v6.6, libseccomp v2.5.5)

Browse source 
Add this syscall to match the profile in containerd

containerd: a6e52c74fa
libseccomp: 53267af3fb
kernel: 09da082b07

    fs: Add fchmodat2()

    On the userspace side fchmodat(3) is implemented as a wrapper
    function which implements the POSIX-specified interface. This
    interface differs from the underlying kernel system call, which does not
    have a flags argument. Most implementations require procfs [1][2].

    There doesn't appear to be a good userspace workaround for this issue
    but the implementation in the kernel is pretty straight-forward.

    The new fchmodat2() syscall allows to pass the AT_SYMLINK_NOFOLLOW flag,
    unlike existing fchmodat.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2024-02-06 13:59:04 +01:00
parent 4d0d5ee10d
commit 6f242f1a28
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
2 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
profiles/seccomp/default.json
View file

@ -110,6 +110,7 @@
"fchdir", "fchdir",
"fchmod", "fchmod",
"fchmodat", "fchmodat",
"fchmodat2",
"fchown", "fchown",
"fchown32", "fchown32",
"fchownat", "fchownat",

1
profiles/seccomp/default_linux.go
View file

@ -102,6 +102,7 @@ func DefaultProfile() *Seccomp {
"fchdir", "fchdir",
"fchmod", "fchmod",
"fchmodat", "fchmodat",
"fchmodat2", // kernel v6.6, libseccomp v2.5.5
"fchown", "fchown",
"fchown32", "fchown32",
"fchownat", "fchownat",