
Add clone3 to seccomp profile syscalls

Open aledbf opened this issue 2 years ago • 3 comments

Related Issue(s)

Fixes #10703 Fixes #11963 Fixes #11964

How to test

  • Open a workspace and run
    git clone https://github.com/ComplianceAsCode/content/
    cd content/Dockerfiles
    docker build -t test -f ubuntu .
  • Test that the command docker run -it gitpod/workspace-full:latest bash does not end with SIGABRT

Release Notes

NONE

Werft options:

  • [x] /werft with-preview

aledbf avatar Aug 08 '22 22:08 aledbf

started the job as gitpod-build-aledbf-clone3.1 because the annotations in the pull request description changed (with .werft/ from main)

/hold until getting approval from @utam0k and @Furisto because this PR affects security aside. Of course, comments from others are welcome.

utam0k avatar Aug 09 '22 01:08 utam0k

@Furisto If you approve this PR, feel free to /unhold.

utam0k avatar Aug 10 '22 00:08 utam0k

@Furisto @utam0k does this need to be tested with cgroup v1? I ask for self-hosted customers.

kylos101 avatar Aug 10 '22 15:08 kylos101

@kylos101 We do not need to test it for cgroup v1.

Furisto avatar Aug 10 '22 15:08 Furisto

/unhold

Furisto avatar Aug 10 '22 15:08 Furisto

> @Furisto @utam0k does this need to be tested with cgroup v1? I ask for self-hosted customers.

We don't need it because it relates to the seccomp notify feature, not cgroup 👍

utam0k avatar Aug 12 '22 00:08 utam0k