Add time64 syscalls to seccomp.json

12 new syscalls have been added for handling 64 bit time. These syscalls are breaking containers on newer kernels. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-10-21 16:27:40 -04:00 · 2020-10-21 16:27:40 -04:00 · 4405585d9e
parent af7625f50f
commit 4405585d9e
2 changed files with 23 additions and 1 deletions
--- a/common/pkg/seccomp/default_linux.go
+++ b/common/pkg/seccomp/default_linux.go
@ -66,9 +66,13 @@ func DefaultProfile() *Seccomp {
 				"chown",
 				"chown32",
 				"clock_adjtime",
+				"clock_adjtime64",
 				"clock_getres",
+				"clock_getres_time64",
 				"clock_gettime",
+				"clock_gettime64",
 				"clock_nanosleep",
+				"clock_nanosleep_time64",
 				"clone",
 				"close",
 				"connect",
@ -226,12 +230,14 @@ func DefaultProfile() *Seccomp {
 				"pivot_root",
 				"poll",
 				"ppoll",
+				"ppoll_time64",
 				"prctl",
 				"pread64",
 				"preadv",
 				"preadv2",
 				"prlimit64",
 				"pselect6",
+				"pselect6_time64",
 				"pwrite64",
 				"pwritev",
 				"pwritev2",
@ -343,10 +349,13 @@ func DefaultProfile() *Seccomp {
 				"timer_delete",
 				"timer_getoverrun",
 				"timer_gettime",
+				"timer_gettime64",
 				"timer_settime",
 				"timerfd_create",
 				"timerfd_gettime",
+				"timerfd_gettime64",
 				"timerfd_settime",
+				"timerfd_settime64",
 				"times",
 				"tkill",
 				"truncate",
@ -361,6 +370,7 @@ func DefaultProfile() *Seccomp {
 				"unshare",
 				"utime",
 				"utimensat",
+				"utimensat_time64",
 				"utimes",
 				"vfork",
 				"vmsplice",
@ -642,6 +652,7 @@ func DefaultProfile() *Seccomp {
 				"settimeofday",
 				"stime",
 				"clock_settime",
+				"clock_settime64",
 			},
 			Action: ActAllow,
 			Args:   []*Arg{},
--- a/common/pkg/seccomp/seccomp.json
+++ b/common/pkg/seccomp/seccomp.json
@ -68,9 +68,13 @@
 				"chown",
 				"chown32",
 				"clock_adjtime",
+				"clock_adjtime64",
 				"clock_getres",
+				"clock_getres_time64",
 				"clock_gettime",
+				"clock_gettime64",
 				"clock_nanosleep",
+				"clock_nanosleep_time64",
 				"clone",
 				"close",
 				"connect",
@ -228,12 +232,14 @@
 				"pivot_root",
 				"poll",
 				"ppoll",
+				"ppoll_time64",
 				"prctl",
 				"pread64",
 				"preadv",
 				"preadv2",
 				"prlimit64",
 				"pselect6",
+				"pselect6_time64",
 				"pwrite64",
 				"pwritev",
 				"pwritev2",
@ -345,10 +351,13 @@
 				"timer_delete",
 				"timer_getoverrun",
 				"timer_gettime",
+				"timer_gettime64",
 				"timer_settime",
 				"timerfd_create",
 				"timerfd_gettime",
+				"timerfd_gettime64",
 				"timerfd_settime",
+				"timerfd_settime64",
 				"times",
 				"tkill",
 				"truncate",
@ -363,6 +372,7 @@
 				"unshare",
 				"utime",
 				"utimensat",
+				"utimensat_time64",
 				"utimes",
 				"vfork",
 				"vmsplice",
@ -749,7 +759,8 @@
 			"names": [
 				"settimeofday",
 				"stime",
-				"clock_settime"
+				"clock_settime",
+				"clock_settime64"
 			],
 			"action": "SCMP_ACT_ALLOW",
 			"args": [],