seccomp: allow fanotify_init without CAP_SYS_ADMIN

Closes: https://github.com/containers/common/issues/2411

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Giuseppe Scrivano 2025-04-07 12:49:10 +02:00
parent d093d6c769
commit b690083685
2 changed files with 2 additions and 4 deletions


@ -145,6 +145,7 @@ func DefaultProfile() *Seccomp {
"fadvise64", "fadvise64",
"fadvise64_64", "fadvise64_64",
"fallocate", "fallocate",
"fanotify_init",
"fanotify_mark", "fanotify_mark",
"fchdir", "fchdir",
"fchmod", "fchmod",
@ -614,7 +615,6 @@ func DefaultProfile() *Seccomp {
{ {
Names: []string{ Names: []string{
"bpf", "bpf",
"fanotify_init",
"lookup_dcookie", "lookup_dcookie",
"quotactl", "quotactl",
"quotactl_fd", "quotactl_fd",
@ -630,7 +630,6 @@ func DefaultProfile() *Seccomp {
}, },
{ {
Names: []string{ Names: []string{
"fanotify_init",
"lookup_dcookie", "lookup_dcookie",
"perf_event_open", "perf_event_open",
"quotactl", "quotactl",
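Review bot: The new unconditional `"fanotify_init",` entry in the first hunk has no comment explaining why the seccomp gate can be dropped, so the next reader cannot tell this was a deliberate loosening. The safety argument appears to be that the kernel itself restricts unprivileged callers (limited fanotify without CAP_SYS_ADMIN since Linux 5.13, EPERM on older kernels), and that `fanotify_mark` was already in the unconditional list. Please record that next to the entry, e.g. `"fanotify_init", // kernel enforces CAP_SYS_ADMIN for privileged fanotify classes/flags; unprivileged use is limited (Linux >= 5.13)`. The rule's argument filter and the Includes/Excludes of the two blocks that lose the entry are outside these hunks, so it is worth confirming that no remaining conditional rule still names `fanotify_init`, and that the JSON profile in the second file stays generated from this function rather than edited by hand.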

View File

@ -152,6 +152,7 @@
"fadvise64", "fadvise64",
"fadvise64_64", "fadvise64_64",
"fallocate", "fallocate",
"fanotify_init",
"fanotify_mark", "fanotify_mark",
"fchdir", "fchdir",
"fchmod", "fchmod",
@ -691,7 +692,6 @@
{ {
"names": [ "names": [
"bpf", "bpf",
"fanotify_init",
"lookup_dcookie", "lookup_dcookie",
"quotactl", "quotactl",
"quotactl_fd", "quotactl_fd",
@ -711,7 +711,6 @@
}, },
{ {
"names": [ "names": [
"fanotify_init",
"lookup_dcookie", "lookup_dcookie",
"perf_event_open", "perf_event_open",
"quotactl", "quotactl",