From c1b57fc1c9e230b95c2c76d1eaca0e3622fc72d5 Mon Sep 17 00:00:00 2001
From: Justin Cormack <justin@specialbusservice.com>
Date: Sun, 3 Jan 2016 20:22:09 +0000
Subject: [PATCH] Do not allow name_to_handle_at, as we have already blocked
 open_by_handle_at

Being able to obtain a file handle is no use as we cannot perform
any operation in it, and it may leak kernel state.

Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
---
 daemon/execdriver/native/seccomp_default.go | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/daemon/execdriver/native/seccomp_default.go b/daemon/execdriver/native/seccomp_default.go
index 946993e44d..fdd7fee457 100644
--- a/daemon/execdriver/native/seccomp_default.go
+++ b/daemon/execdriver/native/seccomp_default.go
@@ -803,11 +803,6 @@ var defaultSeccompProfile = &configs.Seccomp{
 			Action: configs.Allow,
 			Args:   []*configs.Arg{},
 		},
-		{
-			Name:   "name_to_handle_at",
-			Action: configs.Allow,
-			Args:   []*configs.Arg{},
-		},
 		{
 			Name:   "nanosleep",
 			Action: configs.Allow,