docs/profiles at 150009e9d8dbde08d15e0a72c1022f867860f57e - docs

History

Justin Cormack e7a99ae5e1 Remove mlock and vhangup from the default seccomp profile These syscalls are already blocked by the default capabilities: mlock mlock2 mlockall require CAP_IPC_LOCK vhangup requires CAP_SYS_TTY_CONFIG There is therefore no reason to allow them in the default profile as they cannot be used anyway. Signed-off-by: Justin Cormack <justin.cormack@docker.com>	2016-04-21 18:23:59 +01:00
..
apparmor	profiles: apparmor: actually calculate version	2016-03-20 19:03:19 +11:00
seccomp	Remove mlock and vhangup from the default seccomp profile	2016-04-21 18:23:59 +01:00

Justin Cormack e7a99ae5e1 Remove mlock and vhangup from the default seccomp profile

These syscalls are already blocked by the default capabilities:
mlock mlock2 mlockall require CAP_IPC_LOCK
vhangup requires CAP_SYS_TTY_CONFIG

There is therefore no reason to allow them in the default profile
as they cannot be used anyway.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>

2016-04-21 18:23:59 +01:00

apparmor

profiles: apparmor: actually calculate version

2016-03-20 19:03:19 +11:00

seccomp

Remove mlock and vhangup from the default seccomp profile

2016-04-21 18:23:59 +01:00