Browse code
Block clock_adjtime in default seccomp config
clock_adjtime is the new posix style version of adjtime allowing
a specific clock to be specified. Time is not namespaced, so do
not allow.
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Justin Cormack authored on 2015/12/29 21:48:16Showing 1 changed files
| ... | ... |
@@ -30,6 +30,12 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 30 | 30 |
}, |
| 31 | 31 |
{
|
| 32 | 32 |
// Time/Date is not namespaced |
| 33 |
+ Name: "clock_adjtime", |
|
| 34 |
+ Action: configs.Errno, |
|
| 35 |
+ Args: []*configs.Arg{},
|
|
| 36 |
+ }, |
|
| 37 |
+ {
|
|
| 38 |
+ // Time/Date is not namespaced |
|
| 33 | 39 |
Name: "clock_settime", |
| 34 | 40 |
Action: configs.Errno, |
| 35 | 41 |
Args: []*configs.Arg{},
|