Browse code
Do not allow name_to_handle_at, as we have already blocked open_by_handle_at
Being able to obtain a file handle is no use as we cannot perform
any operation in it, and it may leak kernel state.
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Justin Cormack authored on 2016/01/04 05:22:09Showing 1 changed files
| ... | ... |
@@ -804,11 +804,6 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 804 | 804 |
Args: []*configs.Arg{},
|
| 805 | 805 |
}, |
| 806 | 806 |
{
|
| 807 |
- Name: "name_to_handle_at", |
|
| 808 |
- Action: configs.Allow, |
|
| 809 |
- Args: []*configs.Arg{},
|
|
| 810 |
- }, |
|
| 811 |
- {
|
|
| 812 | 807 |
Name: "nanosleep", |
| 813 | 808 |
Action: configs.Allow, |
| 814 | 809 |
Args: []*configs.Arg{},
|