Add time64 syscalls to seccomp.json

12 new syscalls have been added for handling 64-bit time.
Containers break on newer kernels when the seccomp profile does not allow these syscalls.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Daniel J Walsh 2020-10-21 16:27:40 -04:00
parent af7625f50f
commit 4405585d9e
2 changed files with 23 additions and 1 deletions


@ -66,9 +66,13 @@ func DefaultProfile() *Seccomp {
"chown", "chown",
"chown32", "chown32",
"clock_adjtime", "clock_adjtime",
"clock_adjtime64",
"clock_getres", "clock_getres",
"clock_getres_time64",
"clock_gettime", "clock_gettime",
"clock_gettime64",
"clock_nanosleep", "clock_nanosleep",
"clock_nanosleep_time64",
"clone", "clone",
"close", "close",
"connect", "connect",
@ -226,12 +230,14 @@ func DefaultProfile() *Seccomp {
"pivot_root", "pivot_root",
"poll", "poll",
"ppoll", "ppoll",
"ppoll_time64",
"prctl", "prctl",
"pread64", "pread64",
"preadv", "preadv",
"preadv2", "preadv2",
"prlimit64", "prlimit64",
"pselect6", "pselect6",
"pselect6_time64",
"pwrite64", "pwrite64",
"pwritev", "pwritev",
"pwritev2", "pwritev2",
@ -343,10 +349,13 @@ func DefaultProfile() *Seccomp {
"timer_delete", "timer_delete",
"timer_getoverrun", "timer_getoverrun",
"timer_gettime", "timer_gettime",
"timer_gettime64",
"timer_settime", "timer_settime",
"timerfd_create", "timerfd_create",
"timerfd_gettime", "timerfd_gettime",
"timerfd_gettime64",
"timerfd_settime", "timerfd_settime",
"timerfd_settime64",
"times", "times",
"tkill", "tkill",
"truncate", "truncate",
@ -361,6 +370,7 @@ func DefaultProfile() *Seccomp {
"unshare", "unshare",
"utime", "utime",
"utimensat", "utimensat",
"utimensat_time64",
"utimes", "utimes",
"vfork", "vfork",
"vmsplice", "vmsplice",
@ -642,6 +652,7 @@ func DefaultProfile() *Seccomp {
"settimeofday", "settimeofday",
"stime", "stime",
"clock_settime", "clock_settime",
"clock_settime64",
}, },
Action: ActAllow, Action: ActAllow,
Args: []*Arg{}, Args: []*Arg{},
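Review bot: The timer hunk adds `timer_gettime64` but leaves `timer_settime` without a `timer_settime64` entry, so only 11 names are added here although the commit message says 12. Unless that name is already listed outside the visible hunks, a 32-bit process using the time64 ABI would presumably still hit the profile's default action when it arms a POSIX timer. Add `"timer_settime64",` after `"timer_settime",` in this list and in the matching hunk of the JSON profile below. The last hunk places `clock_settime64` in the same group as `settimeofday`, `stime` and `clock_settime`; the condition on that rule is outside the hunk, so confirm it is the capability-gated rule and not the unconditional allowlist. DefaultProfile's body starts and ends outside these hunks.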


@ -68,9 +68,13 @@
"chown", "chown",
"chown32", "chown32",
"clock_adjtime", "clock_adjtime",
"clock_adjtime64",
"clock_getres", "clock_getres",
"clock_getres_time64",
"clock_gettime", "clock_gettime",
"clock_gettime64",
"clock_nanosleep", "clock_nanosleep",
"clock_nanosleep_time64",
"clone", "clone",
"close", "close",
"connect", "connect",
@ -228,12 +232,14 @@
"pivot_root", "pivot_root",
"poll", "poll",
"ppoll", "ppoll",
"ppoll_time64",
"prctl", "prctl",
"pread64", "pread64",
"preadv", "preadv",
"preadv2", "preadv2",
"prlimit64", "prlimit64",
"pselect6", "pselect6",
"pselect6_time64",
"pwrite64", "pwrite64",
"pwritev", "pwritev",
"pwritev2", "pwritev2",
@ -345,10 +351,13 @@
"timer_delete", "timer_delete",
"timer_getoverrun", "timer_getoverrun",
"timer_gettime", "timer_gettime",
"timer_gettime64",
"timer_settime", "timer_settime",
"timerfd_create", "timerfd_create",
"timerfd_gettime", "timerfd_gettime",
"timerfd_gettime64",
"timerfd_settime", "timerfd_settime",
"timerfd_settime64",
"times", "times",
"tkill", "tkill",
"truncate", "truncate",
@ -363,6 +372,7 @@
"unshare", "unshare",
"utime", "utime",
"utimensat", "utimensat",
"utimensat_time64",
"utimes", "utimes",
"vfork", "vfork",
"vmsplice", "vmsplice",
@ -749,7 +759,8 @@
"names": [ "names": [
"settimeofday", "settimeofday",
"stime", "stime",
"clock_settime" "clock_settime",
"clock_settime64"
], ],
"action": "SCMP_ACT_ALLOW", "action": "SCMP_ACT_ALLOW",
"args": [], "args": [],