docker: add clone3 to seccomp whitelist to fix curl failure on X86

After the kernel upgrade to 5.10, clone3 is defined. But if clone3 is not
added to the docker seccomp whitelist, calls to clone3 will be rejected in the
container, which causes some commands such as curl to return errors.

Signed-off-by: xiadanni <xiadanni1@huawei.com>
xiadanni 2021-09-08 12:59:53 +08:00
parent 704395add0
commit 7b18fd9382
5 changed files with 40 additions and 3 deletions


@ -1 +1 @@
18.09.0.116 18.09.0.117


@ -1,6 +1,6 @@
Name: docker-engine Name: docker-engine
Version: 18.09.0 Version: 18.09.0
Release: 116 Release: 117
Summary: The open-source application container engine Summary: The open-source application container engine
Group: Tools/Docker Group: Tools/Docker
@ -212,6 +212,12 @@ fi
%endif %endif
%changelog %changelog
* Wed Sep 08 2021 xiadanni<xiadanni1@huawei.com> - 18.09.0-117
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:add clone3 to seccomp whitelist to fix curl failed in X86
* Fri Sep 03 2021 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-116 * Fri Sep 03 2021 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-116
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA
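Review bot: the changelog entry (DESC line) records the symptom being fixed but not that the change relaxes the default seccomp profile; since adding a syscall to the allow list is a change to the container isolation policy, the entry should say so, for example "DESC:allow clone3 in the default seccomp profile (kernel 5.10) to fix curl failure on X86", so that anyone auditing the package history sees the policy change without opening the patch.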


@ -1 +1 @@
fe98eb898c92a27f02439bc043b071aaadaf3f6e cfb8513e11e19660d19486f6a4ac25516f1413cd


@ -0,0 +1,30 @@
From 376f6a9de2dcbf9605c23409a880eb3534af6ffa Mon Sep 17 00:00:00 2001
From: xiadanni <xiadanni1@huawei.com>
Date: Wed, 8 Sep 2021 09:04:31 +0800
Subject: [PATCH] docker: add clone3 to seccomp whitelist to fix curl failed in
X86
After kernel upgrade to 5.10, clone3 is defined. But if clone3 is not added
to docker seccomp whitelist, clone3 calling will be rejected in container, which
causes some commands like curl returns error.
Signed-off-by: xiadanni <xiadanni1@huawei.com>
---
components/engine/profiles/seccomp/seccomp_default.go | 1 +
1 file changed, 1 insertion(+)
diff --git a/components/engine/profiles/seccomp/seccomp_default.go b/components/engine/profiles/seccomp/seccomp_default.go
index 60550124..ac81c2e0 100644
--- a/components/engine/profiles/seccomp/seccomp_default.go
+++ b/components/engine/profiles/seccomp/seccomp_default.go
@@ -449,6 +449,7 @@ func DefaultProfile() *types.Seccomp {
{
Names: []string{
"modify_ldt",
+ "clone3",
},
Action: types.ActAllow,
Args: []*types.Arg{},
--
2.27.0
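Review bot: "clone3" is added with Action types.ActAllow and an empty Args list, so it is allowed unconditionally, with no argument inspection. clone3 passes its flags inside a struct clone_args pointed to by its first argument, which seccomp cannot inspect, so if the default profile restricts the flags of clone (for example the CLONE_NEW* namespace flags) an unconditional clone3 allow lets a process in the container sidestep that restriction. The approach that keeps the existing clone rule effective, and the one upstream Moby adopted, is to return ENOSYS for clone3 (Action: types.ActErrno with the errno set) so that glibc falls back to clone, which the profile can still filter; please confirm that is not needed here or switch to it. Also, clone3 is appended to the same rule as "modify_ldt"; if that rule carries an Includes.Arches filter (the trailing context is cut off in this hunk), the allow applies only to those architectures, which matches the X86 title but means other architectures on a 5.10 kernel still see clone3 rejected, so state in the commit message whether that scoping is intended.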


@ -189,4 +189,5 @@ patch/0188-docker-check-containerd-pid-before-kill-it.patch
patch/0189-docker-fix-Access-to-remapped-root-allows-privilege-.patch patch/0189-docker-fix-Access-to-remapped-root-allows-privilege-.patch
patch/0190-docker-fix-CVE-2021-21285.patch patch/0190-docker-fix-CVE-2021-21285.patch
patch/0191-rollback-if-docker-restart-when-doing-BlkDiscard.patch patch/0191-rollback-if-docker-restart-when-doing-BlkDiscard.patch
patch/0192-docker-add-clone3-to-seccomp-whitelist-to-fix-curl-f.patch
#end #end