p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
87afb49f07a820fe13ff6fee8a3cef405156e657
docker-cli/components/engine/profiles/seccomp
History
Justin Cormack 5305b5b601 Remove mlock and vhangup from the default seccomp profile 
These syscalls are already blocked by the default capabilities:
mlock mlock2 mlockall require CAP_IPC_LOCK
vhangup requires CAP_SYS_TTY_CONFIG

There is therefore no reason to allow them in the default profile
as they cannot be used anyway.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: e7a99ae5e16f8688a0735c91856d13633f48185c
Component: engine
2016-04-21 18:23:59 +01:00
..
fixtures
move default seccomp profile into package
2016-01-21 16:55:29 -08:00
default.json
Remove mlock and vhangup from the default seccomp profile
2016-04-21 18:23:59 +01:00
generate.go
generate seccomp profile convert type
2016-02-19 13:32:54 -08:00
seccomp_default.go
Remove mlock and vhangup from the default seccomp profile
2016-04-21 18:23:59 +01:00
seccomp_test.go
add seccomp default profile fix tests
2016-02-19 13:32:54 -08:00
seccomp_unsupported.go
generate seccomp profile convert type
2016-02-19 13:32:54 -08:00
seccomp.go
Reuse profiles/seccomp package
2016-03-19 14:15:39 -07:00