Browse code
Merge pull request #18969 from justincormack/vm86
Block vm86 syscalls in default seccomp profile
Arnaud Porterie authored on 2015/12/30 04:57:35Showing 1 changed files
| ... | ... |
@@ -356,5 +356,17 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 356 | 356 |
Action: configs.Errno, |
| 357 | 357 |
Args: []*configs.Arg{},
|
| 358 | 358 |
}, |
| 359 |
+ {
|
|
| 360 |
+ // In kernel x86 real mode virtual machine |
|
| 361 |
+ Name: "vm86", |
|
| 362 |
+ Action: configs.Errno, |
|
| 363 |
+ Args: []*configs.Arg{},
|
|
| 364 |
+ }, |
|
| 365 |
+ {
|
|
| 366 |
+ // In kernel x86 real mode virtual machine |
|
| 367 |
+ Name: "vm86old", |
|
| 368 |
+ Action: configs.Errno, |
|
| 369 |
+ Args: []*configs.Arg{},
|
|
| 370 |
+ }, |
|
| 359 | 371 |
}, |
| 360 | 372 |
} |