Browse code
Merge pull request #18956 from justincormack/umount
Block original umount syscall in default seccomp filter
Arnaud Porterie authored on 2015/12/30 03:19:04Showing 1 changed files
| ... | ... |
@@ -318,6 +318,12 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 318 | 318 |
}, |
| 319 | 319 |
{
|
| 320 | 320 |
// Deny umount |
| 321 |
+ Name: "umount", |
|
| 322 |
+ Action: configs.Errno, |
|
| 323 |
+ Args: []*configs.Arg{},
|
|
| 324 |
+ }, |
|
| 325 |
+ {
|
|
| 326 |
+ // Deny umount |
|
| 321 | 327 |
Name: "umount2", |
| 322 | 328 |
Action: configs.Errno, |
| 323 | 329 |
Args: []*configs.Arg{},
|