p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
22,611 Commits 2 Branches 295 Tags
42a4bb9e98a64c19e9cdb334aaa4441ab547c989
Commit Graph

9 Commits

Author SHA1 Message Date
Justin Cormack
3edfa94729 Add some uses of personality syscall to default seccomp filter 
We generally want to filter the personality(2) syscall, as it
allows disabling ASLR, and turning on some poorly supported
emulations that have been the target of CVEs. However the use
cases for reading the current value, setting the default
PER_LINUX personality, and setting PER_LINUX32 for 32 bit
emulation are fine.

See issue #20634

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 39b799ac53e2ba397edc3063432d01478416dbc8
Component: engine
 2016-02-26 18:43:08 +01:00
Antonio Murdaca
4b3e3eb7e6 add seccomp default profile fix tests 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Upstream-commit: 11435b674b8ed580f8cf401c7cee7d24f59d7a43
Component: engine
 2016-02-19 13:32:54 -08:00
Jessica Frazelle
bea41e64ba generate seccomp profile convert type 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Upstream-commit: ad600239bca1ac89d9684a98d6f7f260959e81d2
Component: engine
 2016-02-19 13:32:54 -08:00
Aleksa Sarai
d9e3cdab8a apparmor: use correct version for ptrace denial suppression 
Ubuntu ships apparmor_parser 2.9 erroniously as "2.8.95". Fix the
incorrect version check for >=2.8, when in fact 2.8 deosn't support the
required feature.

Signed-off-by: Aleksa Sarai <asarai@suse.com>
Upstream-commit: 284d9d451e93baff311b501018cae2097f76b134
Component: engine
 2016-02-15 20:36:29 +11:00
Aleksa Sarai
08e0c58b53 apparmor: fix version checks to work properly 
Using {{if major}}{{if minor}} doesn't work as expected when the major
version changes. In addition, this didn't support patch levels (which is
necessary in some cases when distributions ship apparmor weirdly).

Signed-off-by: Aleksa Sarai <asarai@suse.com>
Upstream-commit: 4bf7a84c969b9309b0534a61af55b8bb824acc0a
Component: engine
 2016-02-15 20:36:07 +11:00
Jessica Frazelle
cb9f693ca8 add validation for generating default secccomp profile 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Upstream-commit: 9bc771af9d09026111916191394eb2896608eb59
Component: engine
 2016-02-08 13:04:52 -08:00
Jessica Frazelle
a45e7dc118 add default seccomp profile as json 
profile is created by go generate

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Upstream-commit: d57816de0293e18ecfa68ac6e8c288a888912e33
Component: engine
 2016-02-08 08:19:21 -08:00
Jessica Frazelle
7187db20a2 move default seccomp profile into package 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Upstream-commit: bed0bb7d017bb4a8400ac2c031dc74cd74240bfb
Component: engine
 2016-01-21 16:55:29 -08:00
Jessica Frazelle
190d8fab36 move default apparmor policy into package 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Upstream-commit: 35e50119fc2a2a6d9bcdc95c000df8b66d6cb9d3
Component: engine
 2016-01-21 16:55:27 -08:00