Merge pull request #1031 from rhatdan/seccomp

Update to latest seccomp filters in moby
2017-10-18 11:46:30 -04:00 · 2017-10-18 11:46:30 -04:00 · b3ceb2a450
commit b3ceb2a450
parent c04f585a53 704ebacab8
1 changed files with 57 additions and 3 deletions
--- a/seccomp.json
+++ b/seccomp.json
@ -55,7 +55,7 @@
 				"accept",
 				"accept4",
 				"access",
-				"alarm",
+				"adjtimex",
 				"alarm",
 				"bind",
 				"brk",
@ -223,10 +223,12 @@
 				"prctl",
 				"pread64",
 				"preadv",
+				"preadv2",
 				"prlimit64",
 				"pselect6",
 				"pwrite64",
 				"pwritev",
+				"pwritev2",
 				"read",
 				"readahead",
 				"readlink",
@ -403,6 +405,40 @@
 			"includes": {},
 			"excludes": {}
 		},
+		{
+			"names": [
+				"personality"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 131072,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"personality"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 131080,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
 		{
 			"names": [
 				"personality"
@ -422,6 +458,23 @@
 		},
 		{
 			"names": [
+				"sync_file_range2"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"arches": [
+					"ppc64le"
+				]
+			},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"arm_fadvise64_64",
+				"arm_sync_file_range",
+				"sync_file_range2",
 				"breakpoint",
 				"cacheflush",
 				"set_tls"
@ -508,6 +561,7 @@
 				"mount",
 				"name_to_handle_at",
 				"perf_event_open",
+				"quotactl",
 				"setdomainname",
 				"sethostname",
 				"setns",
@ -671,7 +725,7 @@
 			"names": [
 				"settimeofday",
 				"stime",
-				"adjtimex"
+				"clock_settime"
 			],
 			"action": "SCMP_ACT_ALLOW",
 			"args": [],
@ -698,4 +752,4 @@
 			"excludes": {}
 		}
 	]
-}
+}