beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

remove seccomp from seccomp profile

Browse source 
This can be allowed because it should only restrict more per the seccomp docs, and multiple apps use it today.

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
This commit is contained in:
Jessica Frazelle 2015-12-29 11:21:33 -08:00
parent 194e69507b
commit b610fc226a
No known key found for this signature in database
GPG key ID: 18F3685C0022BFF3
1 changed files with 0 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
daemon/execdriver/native/seccomp_default.go
View file

@ -254,12 +254,6 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Errno,
Args: []*configs.Arg{},
},
{
// meta, deny seccomp
Name: "seccomp",
Action: configs.Errno,
Args: []*configs.Arg{},
},
{
// Terrifying syscalls that modify kernel memory and NUMA settings.
// They're gated by CAP_SYS_NICE,