diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-06-10 18:04:02 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-06-13 16:25:54 +0200 |
commit | 54a17e01de048a2275f8861b211f10d11e56407d (patch) | |
tree | 34e569f8eb22469cabf1d4052c8e9cc1772f4fc7 /src/shared/seccomp-util.c | |
parent | 4e069746fe0de1f60bd1b75c113b0f40ffe86736 (diff) |
nspawn: lock down system call filter a bit
Let's block access to the kernel keyring and a number of obsolete system calls.
Also, update list of syscalls that may alter the system clock, and do raw IO
access. Filter ptrace() if CAP_SYS_PTRACE is not passed to the container and
acct() if CAP_SYS_PACCT is not passed.
This also changes things so that kexec(), some profiling calls, the swap calls
and quotactl() is never available to containers, not even if CAP_SYS_ADMIN is
passed. After all we currently permit CAP_SYS_ADMIN to containers by default,
but these calls should not be available, even then.
Diffstat (limited to 'src/shared/seccomp-util.c')
0 files changed, 0 insertions, 0 deletions