opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-02 19:28:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

Bump github.com/seccomp/containers-golang from 0.4.1 to 0.5.0

Browse Source 
Bumps [github.com/seccomp/containers-golang](https://github.com/seccomp/containers-golang) from 0.4.1 to 0.5.0.
- [Release notes](https://github.com/seccomp/containers-golang/releases)
- [Commits](https://github.com/seccomp/containers-golang/compare/v0.4.1...v0.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
dependabot-preview[bot]
2020-06-05 09:04:58 +00:00
committed by Daniel J Walsh
parent b0578963aa
commit 1093b78833
5 changed files with 192 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

106
vendor/github.com/seccomp/containers-golang/seccomp.json generated vendored
View File

@@ -317,7 +317,6 @@
"signalfd",
"signalfd4",
"sigreturn",
"socket",
"socketcall",
"socketpair",
"splice",
@@ -769,6 +768,111 @@
]
},
"excludes": {}
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ERRNO",
"args": [
{
"index": 0,
"value": 16,
"valueTwo": 0,
"op": "SCMP_CMP_EQ"
},
{
"index": 2,
"value": 9,
"valueTwo": 0,
"op": "SCMP_CMP_EQ"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_AUDIT_WRITE"
]
},
"errnoRet": 22
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 2,
"value": 9,
"valueTwo": 0,
"op": "SCMP_CMP_NE"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_AUDIT_WRITE"
]
}
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 0,
"value": 16,
"valueTwo": 0,
"op": "SCMP_CMP_NE"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_AUDIT_WRITE"
]
}
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 2,
"value": 9,
"valueTwo": 0,
"op": "SCMP_CMP_NE"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_AUDIT_WRITE"
]
}
},
{
"names": [
"socket"
],
"action": "SCMP_ACT_ALLOW",
"args": null,
"comment": "",
"includes": {
"caps": [
"CAP_AUDIT_WRITE"
]
},
"excludes": {}
}
]
}

84
vendor/github.com/seccomp/containers-golang/seccomp_default_linux.go generated vendored
View File

@@ -7,6 +7,8 @@
package seccomp // import "github.com/seccomp/containers-golang"
import (
"syscall"
"golang.org/x/sys/unix"
)
@@ -45,6 +47,8 @@ func arches() []Architecture {
// DefaultProfile defines the whitelist for the default seccomp profile.
func DefaultProfile() *Seccomp {
einval := uint(syscall.EINVAL)
syscalls := []*Syscall{
{
Names: []string{
@@ -313,7 +317,6 @@ func DefaultProfile() *Seccomp {
"signalfd",
"signalfd4",
"sigreturn",
"socket",
"socketcall",
"socketpair",
"splice",
@@ -652,6 +655,85 @@ func DefaultProfile() *Seccomp {
Caps: []string{"CAP_SYS_TTY_CONFIG"},
},
},
{
Names: []string{
"socket",
},
Action: ActErrno,
ErrnoRet: &einval,
Args: []*Arg{
{
Index: 0,
Value: syscall.AF_NETLINK,
Op: OpEqualTo,
},
{
Index: 2,
Value: syscall.NETLINK_AUDIT,
Op: OpEqualTo,
},
},
Excludes: Filter{
Caps: []string{"CAP_AUDIT_WRITE"},
},
},
{
Names: []string{
"socket",
},
Action: ActAllow,
Args: []*Arg{
{
Index: 2,
Value: syscall.NETLINK_AUDIT,
Op: OpNotEqual,
},
},
Excludes: Filter{
Caps: []string{"CAP_AUDIT_WRITE"},
},
},
{
Names: []string{
"socket",
},
Action: ActAllow,
Args: []*Arg{
{
Index: 0,
Value: syscall.AF_NETLINK,
Op: OpNotEqual,
},
},
Excludes: Filter{
Caps: []string{"CAP_AUDIT_WRITE"},
},
},
{
Names: []string{
"socket",
},
Action: ActAllow,
Args: []*Arg{
{
Index: 2,
Value: syscall.NETLINK_AUDIT,
Op: OpNotEqual,
},
},
Excludes: Filter{
Caps: []string{"CAP_AUDIT_WRITE"},
},
},
{
Names: []string{
"socket",
},
Action: ActAllow,
Includes: Filter{
Caps: []string{"CAP_AUDIT_WRITE"},
},
},
}
return &Seccomp{