runtime-tools icon indicating copy to clipboard operation
runtime-tools copied to clipboard
verified publisher icon opencontainers

seccomp: add CloneNewCgroup to check sysCloneFlagsIndex

Open KentaTada opened this issue 6 years ago • 4 comments

All clone flags should be denied as default profile. Also x/sys should be used instead of syscall.

Signed-off-by: Kenta Tada [email protected]

KentaTada avatar May 20 '19 10:05 KentaTada

I don't understand why pullapprove was failed but I signed off. Could you take a look at this commit?

KentaTada avatar May 20 '19 10:05 KentaTada

FYI, @vbatts @crosbymichael This commit is related to below.
https://github.com/containerd/containerd/pull/3314 https://github.com/moby/moby/pull/39308

KentaTada avatar Jun 04 '19 02:06 KentaTada

@KentaTada can you please rebase this?

kolyshkin avatar Jan 24 '22 19:01 kolyshkin

Rebased. Thanks.

KentaTada avatar Jan 25 '22 14:01 KentaTada

close/reopen to kick ci

kolyshkin avatar Oct 13 '22 23:10 kolyshkin