!56 docker:add clone3 to seccomp whitelist to fix curl failed in X86
From: @Vanient Reviewed-by: @jianminw Signed-off-by: @jianminw
commit
8c7be812cf
@ -1 +1 @@
|
|||||||
18.09.0.116
|
18.09.0.117
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
Name: docker-engine
|
Name: docker-engine
|
||||||
Version: 18.09.0
|
Version: 18.09.0
|
||||||
Release: 116
|
Release: 117
|
||||||
Summary: The open-source application container engine
|
Summary: The open-source application container engine
|
||||||
Group: Tools/Docker
|
Group: Tools/Docker
|
||||||
|
|
||||||
@ -212,6 +212,12 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 08 2021 xiadanni<xiadanni1@huawei.com> - 18.09.0-117
|
||||||
|
- Type:bugfix
|
||||||
|
- CVE:NA
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:add clone3 to seccomp whitelist to fix curl failed in X86
|
||||||
|
|
||||||
* Fri Sep 03 2021 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-116
|
* Fri Sep 03 2021 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-116
|
||||||
- Type:bugfix
|
- Type:bugfix
|
||||||
- CVE:NA
|
- CVE:NA
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
fe98eb898c92a27f02439bc043b071aaadaf3f6e
|
cfb8513e11e19660d19486f6a4ac25516f1413cd
|
||||||
|
|||||||
@ -0,0 +1,30 @@
|
|||||||
|
From 376f6a9de2dcbf9605c23409a880eb3534af6ffa Mon Sep 17 00:00:00 2001
|
||||||
|
From: xiadanni <xiadanni1@huawei.com>
|
||||||
|
Date: Wed, 8 Sep 2021 09:04:31 +0800
|
||||||
|
Subject: [PATCH] docker: add clone3 to seccomp whitelist to fix curl failed in
|
||||||
|
X86
|
||||||
|
|
||||||
|
After kernel upgrade to 5.10, clone3 is defined. But if clone3 is not added
|
||||||
|
to docker seccomp whitelist, clone3 calling will be rejected in container, which
|
||||||
|
causes some commands like curl returns error.
|
||||||
|
|
||||||
|
Signed-off-by: xiadanni <xiadanni1@huawei.com>
|
||||||
|
---
|
||||||
|
components/engine/profiles/seccomp/seccomp_default.go | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/components/engine/profiles/seccomp/seccomp_default.go b/components/engine/profiles/seccomp/seccomp_default.go
|
||||||
|
index 60550124..ac81c2e0 100644
|
||||||
|
--- a/components/engine/profiles/seccomp/seccomp_default.go
|
||||||
|
+++ b/components/engine/profiles/seccomp/seccomp_default.go
|
||||||
|
@@ -449,6 +449,7 @@ func DefaultProfile() *types.Seccomp {
|
||||||
|
{
|
||||||
|
Names: []string{
|
||||||
|
"modify_ldt",
|
||||||
|
+ "clone3",
|
||||||
|
},
|
||||||
|
Action: types.ActAllow,
|
||||||
|
Args: []*types.Arg{},
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
||||||
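Review bot: In the seccomp_default.go hunk of the new patch file, "clone3" is appended to the rule holding "modify_ldt", whose visible fields are `Action: types.ActAllow` and `Args: []*types.Arg{}`, so clone3 is allowed with no argument condition at all. clone3 takes its flags inside a struct clone_args passed by pointer, and a seccomp filter sees only the syscall's register values, not the memory they point to, so flags that create new namespaces cannot be restricted on clone3 the way an argument mask on the older clone syscall can. Please state in the commit message why an unconditional allow is acceptable here, or consider making clone3 return ENOSYS instead (if this branch's profile types can express a per-rule errno), since glibc falls back to clone on ENOSYS and any flag filtering on clone then stays effective. Separately, the message says clone3 is defined after the upgrade to kernel 5.10, while the subject limits the fix to X86; the rest of this rule lies outside the visible context, so please confirm whether it carries an architecture filter and whether other architectures on the same kernel need the same handling.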
@ -189,4 +189,5 @@ patch/0188-docker-check-containerd-pid-before-kill-it.patch
|
|||||||
patch/0189-docker-fix-Access-to-remapped-root-allows-privilege-.patch
|
patch/0189-docker-fix-Access-to-remapped-root-allows-privilege-.patch
|
||||||
patch/0190-docker-fix-CVE-2021-21285.patch
|
patch/0190-docker-fix-CVE-2021-21285.patch
|
||||||
patch/0191-rollback-if-docker-restart-when-doing-BlkDiscard.patch
|
patch/0191-rollback-if-docker-restart-when-doing-BlkDiscard.patch
|
||||||
|
patch/0192-docker-add-clone3-to-seccomp-whitelist-to-fix-curl-f.patch
|
||||||
#end
|
#end
|
||||||
|
|||||||