3edfa94729
We generally want to filter the personality(2) syscall, as it allows disabling ASLR, and turning on some poorly supported emulations that have been the target of CVEs. However the use cases for reading the current value, setting the default PER_LINUX personality, and setting PER_LINUX32 for 32 bit emulation are fine. See issue #20634 Signed-off-by: Justin Cormack <justin.cormack@docker.com> Upstream-commit: 39b799ac53e2ba397edc3063432d01478416dbc8 Component: engine