| author | Lennart Poettering <lennart@poettering.net> | 2014-06-30 16:22:12 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-06-30 16:22:12 +0200 |
| commit | 28650077f36466d9c5ee27ef2006fae3171a2430 | |
| tree | 4775b637711114e0e2f99dcc7248641873965242 /rules | |
| parent | 840295fc1e30bb8902e8df08127bbc281318b537 | |

nspawn: block open_by_handle_at() and others via seccomp

Let's protect ourselves against the recently reported docker security
issue. Our man page makes clear that we do not make any security
promises anyway, but well, this one is easy to mitigate, so let's do it.

While we are at it block a couple of more syscalls that are no good in
containers, too.

Diffstat (limited to 'rules')
0 files changed, 0 insertions, 0 deletions