Skip to content

Commit

Permalink
seccomp: whitelist quotactl with CAP_SYS_ADMIN
Browse files Browse the repository at this point in the history 
The quotactl syscall is being whitelisted in default seccomp profile,
gated by CAP_SYS_ADMIN.

Signed-off-by: Panagiotis Moustafellos <[email protected]>
  • Loading branch information
@pmoust
pmoust committed Aug 9, 2017
1 parent 526fc40 commit cf6e1c5
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions profiles/seccomp/default.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -557,6 +557,7 @@
"mount",
"name_to_handle_at",
"perf_event_open",
"quotactl",
"setdomainname",
"sethostname",
"setns",
Expand Down
1 change: 1 addition & 0 deletions profiles/seccomp/seccomp_default.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -488,6 +488,7 @@ func DefaultProfile() *types.Seccomp {
"mount",
"name_to_handle_at",
"perf_event_open",
"quotactl",
"setdomainname",
"sethostname",
"setns",
Expand Down

0 comments on commit cf6e1c5

Please sign in to comment.