docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do not allow name_to_handle_at, as we have already blocked open_by_handle_at 

Being able to obtain a file handle is no use as we cannot perform
any operation in it, and it may leak kernel state.

Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
This commit is contained in:
Justin Cormack 2016-01-03 20:22:09 +00:00 committed by Jessica Frazelle
parent a1747b3cc8
commit c1b57fc1c9
No known key found for this signature in database
GPG Key ID: 18F3685C0022BFF3
1 changed files with 0 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
daemon/execdriver/native/seccomp_default.go
View File

@ -803,11 +803,6 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "name_to_handle_at",
Action: configs.Allow,
Args: []*configs.Arg{},
},
{
Name: "nanosleep",
Action: configs.Allow,