Browse code
seccomp: Allow personality with UNAME26 bit set.
From personality(2):
Have uname(2) report a 2.6.40+ version number rather than a 3.x version
number. Added as a stopgap measure to support broken applications that
could not handle the kernel version-numbering switch from 2.6.x to 3.x.
This allows both "UNAME26|PER_LINUX" and "UNAME26|PER_LINUX32".
Fixes: #32839
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Ian Campbell authored on 2017/05/02 23:05:01Showing 2 changed files
| ... | ... |
@@ -406,6 +406,40 @@ |
| 406 | 406 |
"args": [ |
| 407 | 407 |
{
|
| 408 | 408 |
"index": 0, |
| 409 |
+ "value": 131072, |
|
| 410 |
+ "valueTwo": 0, |
|
| 411 |
+ "op": "SCMP_CMP_EQ" |
|
| 412 |
+ } |
|
| 413 |
+ ], |
|
| 414 |
+ "comment": "", |
|
| 415 |
+ "includes": {},
|
|
| 416 |
+ "excludes": {}
|
|
| 417 |
+ }, |
|
| 418 |
+ {
|
|
| 419 |
+ "names": [ |
|
| 420 |
+ "personality" |
|
| 421 |
+ ], |
|
| 422 |
+ "action": "SCMP_ACT_ALLOW", |
|
| 423 |
+ "args": [ |
|
| 424 |
+ {
|
|
| 425 |
+ "index": 0, |
|
| 426 |
+ "value": 131080, |
|
| 427 |
+ "valueTwo": 0, |
|
| 428 |
+ "op": "SCMP_CMP_EQ" |
|
| 429 |
+ } |
|
| 430 |
+ ], |
|
| 431 |
+ "comment": "", |
|
| 432 |
+ "includes": {},
|
|
| 433 |
+ "excludes": {}
|
|
| 434 |
+ }, |
|
| 435 |
+ {
|
|
| 436 |
+ "names": [ |
|
| 437 |
+ "personality" |
|
| 438 |
+ ], |
|
| 439 |
+ "action": "SCMP_ACT_ALLOW", |
|
| 440 |
+ "args": [ |
|
| 441 |
+ {
|
|
| 442 |
+ "index": 0, |
|
| 409 | 443 |
"value": 4294967295, |
| 410 | 444 |
"valueTwo": 0, |
| 411 | 445 |
"op": "SCMP_CMP_EQ" |
| ... | ... |
@@ -383,6 +383,28 @@ func DefaultProfile() *types.Seccomp {
|
| 383 | 383 |
Args: []*types.Arg{
|
| 384 | 384 |
{
|
| 385 | 385 |
Index: 0, |
| 386 |
+ Value: 0x20000, |
|
| 387 |
+ Op: types.OpEqualTo, |
|
| 388 |
+ }, |
|
| 389 |
+ }, |
|
| 390 |
+ }, |
|
| 391 |
+ {
|
|
| 392 |
+ Names: []string{"personality"},
|
|
| 393 |
+ Action: types.ActAllow, |
|
| 394 |
+ Args: []*types.Arg{
|
|
| 395 |
+ {
|
|
| 396 |
+ Index: 0, |
|
| 397 |
+ Value: 0x20008, |
|
| 398 |
+ Op: types.OpEqualTo, |
|
| 399 |
+ }, |
|
| 400 |
+ }, |
|
| 401 |
+ }, |
|
| 402 |
+ {
|
|
| 403 |
+ Names: []string{"personality"},
|
|
| 404 |
+ Action: types.ActAllow, |
|
| 405 |
+ Args: []*types.Arg{
|
|
| 406 |
+ {
|
|
| 407 |
+ Index: 0, |
|
| 386 | 408 |
Value: 0xffffffff, |
| 387 | 409 |
Op: types.OpEqualTo, |
| 388 | 410 |
}, |