1. docker
  2. Commit 665741510a05199d7948c73c19285b3311ab323f
Browse code

seccomp: whitelist io_pgetevents()

io_pgetevents() is a new Linux system call. It is similar to io_getevents()
that is already whitelisted, and adds no special abilities over that system call.

Allow that system call to enable applications that use it.

Fixes #38894.

Signed-off-by: Avi Kivity <avi@scylladb.com>

Avi Kivity authored on 2019/03/19 03:14:56
Showing 2 changed files
profiles/seccomp/default.json
History View file @ 6657415
... ... 
@@ -162,6 +162,7 @@
162 162 
 				"ioctl",
163 163 
 				"io_destroy",
164 164 
 				"io_getevents",
165 
+				"io_pgetevents",
165 166 
 				"ioprio_get",
166 167 
 				"ioprio_set",
167 168 
 				"io_setup",
profiles/seccomp/seccomp_default.go
History View file @ 6657415
... ... 
@@ -155,6 +155,7 @@ func DefaultProfile() *types.Seccomp {
155 155 
 				"ioctl",
156 156 
 				"io_destroy",
157 157 
 				"io_getevents",
158 
+				"io_pgetevents",
158 159 
 				"ioprio_get",
159 160 
 				"ioprio_set",
160 161 
 				"io_setup",