seccomp: whitelist quotactl with CAP_SYS_ADMIN

The quotactl syscall is being whitelisted in default seccomp profile, gated by CAP_SYS_ADMIN. Signed-off-by: Panagiotis Moustafellos <pmoust@elastic.co> Upstream-commit: cf6e1c5dfd07f5048606bb7b21464c658e252322 Component: engine
2017-08-08 20:01:53 +03:00
parent 67eefe8cfd
commit 840bc1dc6a
2 changed files with 2 additions and 0 deletions
--- a/components/engine/profiles/seccomp/default.json
+++ b/components/engine/profiles/seccomp/default.json
@ -557,6 +557,7 @@
 				"mount",
 				"name_to_handle_at",
 				"perf_event_open",
+				"quotactl",
 				"setdomainname",
 				"sethostname",
 				"setns",
--- a/components/engine/profiles/seccomp/seccomp_default.go
+++ b/components/engine/profiles/seccomp/seccomp_default.go
@ -488,6 +488,7 @@ func DefaultProfile() *types.Seccomp {
 				"mount",
 				"name_to_handle_at",
 				"perf_event_open",
+				"quotactl",
 				"setdomainname",
 				"sethostname",
 				"setns",