summaryrefslogtreecommitdiff
path: root/rules
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-06-30 16:22:12 +0200
committerLennart Poettering <lennart@poettering.net>2014-06-30 16:22:12 +0200
commit28650077f36466d9c5ee27ef2006fae3171a2430 (patch)
tree4775b637711114e0e2f99dcc7248641873965242 /rules
parent840295fc1e30bb8902e8df08127bbc281318b537 (diff)
nspawn: block open_by_handle_at() and others via seccomp
Let's protect ourselves against the recently reported docker security issue. Our man page makes clear that we do not make any security promises anyway, but well, this one is easy to mitigate, so let's do it. While we are at it block a couple of more syscalls that are no good in containers, too.
Diffstat (limited to 'rules')
0 files changed, 0 insertions, 0 deletions