Whitelist adjtimex get operation. Adjustment operations are gated by CAP_SYS_TIME

Signed-off-by: Miklos Szegedi <miklos.szegedi@cloudera.com> Upstream-commit: 2db05316d09214f5cd6de24e9f17784cbc2f2573 Component: engine
2017-05-22 22:42:47 -07:00
parent cb8736d49e
commit 048c29d376
2 changed files with 2 additions and 2 deletions
--- a/components/engine/profiles/seccomp/default.json
+++ b/components/engine/profiles/seccomp/default.json
@ -55,6 +55,7 @@
 				"accept",
 				"accept4",
 				"access",
+				"adjtimex",
 				"alarm",
 				"alarm",
 				"bind",
@ -719,7 +720,6 @@
 			"names": [
 				"settimeofday",
 				"stime",
-				"adjtimex",
 				"clock_settime"
 			],
 			"action": "SCMP_ACT_ALLOW",
--- a/components/engine/profiles/seccomp/seccomp_default.go
+++ b/components/engine/profiles/seccomp/seccomp_default.go
@ -49,6 +49,7 @@ func DefaultProfile() *types.Seccomp {
 				"accept",
 				"accept4",
 				"access",
+				"adjtimex",
 				"alarm",
 				"alarm",
 				"bind",
@ -611,7 +612,6 @@ func DefaultProfile() *types.Seccomp {
 			Names: []string{
 				"settimeofday",
 				"stime",
-				"adjtimex",
 				"clock_settime",
 			},
 			Action: types.ActAllow,