af819bf623
This commit allows the Landlock[0] system calls in the default seccomp policy. Landlock was introduced in kernel 5.13, to fill the gap that inspecting filepaths passed as arguments to filesystem system calls is not really possible with pure `seccomp` (unless involving `ptrace`). Allowing Landlock by default fits in with allowing `seccomp` for containerized applications to voluntarily restrict their access rights to files within the container. [0]: https://www.kernel.org/doc/html/latest/userspace-api/landlock.html Signed-off-by: Tudor Brindus <me@tbrindus.ca> |
||
|---|---|---|
| .. | ||
| fixtures | ||
| default.json | ||
| default_linux.go | ||
| generate.go | ||
| kernel_linux.go | ||
| kernel_linux_test.go | ||
| seccomp.go | ||
| seccomp_linux.go | ||
| seccomp_test.go | ||
| seccomp_unsupported.go | ||