1. docker
  2. Commit cf6e1c5dfd07f5048606bb7b21464c658e252322
Browse code

seccomp: whitelist quotactl with CAP_SYS_ADMIN

The quotactl syscall is being whitelisted in default seccomp profile,
gated by CAP_SYS_ADMIN.

Signed-off-by: Panagiotis Moustafellos <pmoust@elastic.co>

Panagiotis Moustafellos authored on 2017/08/09 02:01:53
Showing 2 changed files
profiles/seccomp/default.json
History View file @ cf6e1c5
... ... 
@@ -557,6 +557,7 @@
557 557 
 				"mount",
558 558 
 				"name_to_handle_at",
559 559 
 				"perf_event_open",
560 
+				"quotactl",
560 561 
 				"setdomainname",
561 562 
 				"sethostname",
562 563 
 				"setns",
profiles/seccomp/seccomp_default.go
History View file @ cf6e1c5
... ... 
@@ -488,6 +488,7 @@ func DefaultProfile() *types.Seccomp {
488 488 
 				"mount",
489 489 
 				"name_to_handle_at",
490 490 
 				"perf_event_open",
491 
+				"quotactl",
491 492 
 				"setdomainname",
492 493 
 				"sethostname",
493 494 
 				"setns",