docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add ipc syscall to default seccomp profile 

On 32 bit x86 this is a multiplexing syscall for the system V
ipc syscalls such as shmget, and so needs to be allowed for
shared memory access for 32 bit binaries.

Fixes #20733

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
Justin Cormack 2016-03-05 22:10:12 +00:00
parent beb17c096d
commit 31410a6d79
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
profiles/seccomp/default.json
View File

@ -593,6 +593,11 @@
"action": "SCMP_ACT_ALLOW", "action": "SCMP_ACT_ALLOW",
"args": [] "args": []
}, },
{
"name": "ipc",
"action": "SCMP_ACT_ALLOW",
"args": []
},
{ {
"name": "kill", "name": "kill",
"action": "SCMP_ACT_ALLOW", "action": "SCMP_ACT_ALLOW",

5
profiles/seccomp/seccomp_default.go
View File

@ -625,6 +625,11 @@ var DefaultProfile = &types.Seccomp{
Action: types.ActAllow, Action: types.ActAllow,
Args: []*types.Arg{}, Args: []*types.Arg{},
}, },
{
Name: "ipc",
Action: types.ActAllow,
Args: []*types.Arg{},
},
{ {
Name: "kill", Name: "kill",
Action: types.ActAllow, Action: types.ActAllow,