moby/profiles/seccomp
Sören Tempel 85eaf23bf4 seccomp: add support for "swapcontext" syscall in default policy
This system call is only available on the 32- and 64-bit PowerPC; it is
used by modern programming language implementations (such as gcc-go) to
implement coroutine features through userspace context switches.

Other container environments, such as Systemd nspawn, already whitelist
this system call in their seccomp profile [1] [2]. As such, it would be
nice to also whitelist it in moby.

This issue was encountered on the Alpine Linux GitLab CI system, which uses
moby, when attempting to execute gcc-go compiled software on ppc64le.

[1]: https://github.com/systemd/systemd/pull/9487
[2]: https://github.com/systemd/systemd/issues/9485

Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net>
2021-12-18 14:06:07 +01:00
fixtures seccomp: Use explicit DefaultErrnoRet 2021-07-30 19:13:21 +02:00
default.json seccomp: add support for "swapcontext" syscall in default policy 2021-12-18 14:06:07 +01:00
default_linux.go seccomp: add support for "swapcontext" syscall in default policy 2021-12-18 14:06:07 +01:00
generate.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
kernel_linux.go seccomp: implement marshal/unmarshall for MinVersion 2020-10-07 17:48:25 +02:00
kernel_linux_test.go seccomp: implement marshal/unmarshall for MinVersion 2020-10-07 17:48:25 +02:00
seccomp.go seccomp: Seccomp: embed oci-spec LinuxSeccomp, add support for seccomp flags 2021-07-17 15:57:54 +02:00
seccomp_linux.go seccomp: Seccomp: embed oci-spec LinuxSeccomp, add support for seccomp flags 2021-07-17 15:57:54 +02:00
seccomp_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
seccomp_unsupported.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00