1. docker
  2. Commit 2db05316d09214f5cd6de24e9f17784cbc2f2573
Browse code

Whitelist adjtimex get operation. Adjustment operations are gated by CAP_SYS_TIME

Signed-off-by: Miklos Szegedi <miklos.szegedi@cloudera.com>

Miklos Szegedi authored on 2017/05/23 14:42:47
Showing 2 changed files
profiles/seccomp/default.json
History View file @ 2db0531
... ... 
@@ -55,6 +55,7 @@
55 55 
 				"accept",
56 56 
 				"accept4",
57 57 
 				"access",
58 
+				"adjtimex",
58 59 
 				"alarm",
59 60 
 				"alarm",
60 61 
 				"bind",
... ... 
@@ -719,7 +720,6 @@
719 719 
 			"names": [
720 720 
 				"settimeofday",
721 721 
 				"stime",
722 
-				"adjtimex",
723 722 
 				"clock_settime"
724 723 
 			],
725 724 
 			"action": "SCMP_ACT_ALLOW",
profiles/seccomp/seccomp_default.go
History View file @ 2db0531
... ... 
@@ -49,6 +49,7 @@ func DefaultProfile() *types.Seccomp {
49 49 
 				"accept",
50 50 
 				"accept4",
51 51 
 				"access",
52 
+				"adjtimex",
52 53 
 				"alarm",
53 54 
 				"alarm",
54 55 
 				"bind",
... ... 
@@ -611,7 +612,6 @@ func DefaultProfile() *types.Seccomp {
611 611 
 			Names: []string{
612 612 
 				"settimeofday",
613 613 
 				"stime",
614 
-				"adjtimex",
615 614 
 				"clock_settime",
616 615 
 			},
617 616 
 			Action: types.ActAllow,