docker/cli
1
0
Fork 0
mirror of https://github.com/docker/cli.git synced 2026-01-16 20:22:36 +03:00
Code Activity

Block original umount syscall in default seccomp filter

Browse Source 
The original umount syscall without flags argument needs to
be blocked too.

Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Upstream-commit: 9be0d93cf74d1bb31c401f1154abc773af31cbd6
Component: engine
This commit is contained in:
Justin Cormack
2015-12-29 11:57:16 +00:00
parent 425c31f3c5
commit e02645b0cd
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
components/engine/daemon/execdriver/native/seccomp_default.go
View File

@@ -298,6 +298,12 @@ var defaultSeccompProfile = &configs.Seccomp{
Action: configs.Errno,
Args: []*configs.Arg{},
},
{
// Deny umount
Name: "umount",
Action: configs.Errno,
Args: []*configs.Arg{},
},
{
// Deny umount
Name: "umount2",