From 9d294ad50d6f12e2e34432d8f213937c2bee739b Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Tue, 6 Apr 2021 16:44:42 -0400
Subject: [PATCH] Add setns to default seccomp.json
In order to run containers within containers via podman
and do a podman exec, we need to allow setns syscalls.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
pkg/seccomp/default_linux.go | 1 +
pkg/seccomp/seccomp.json | 1 +
2 files changed, 2 insertions(+)
--- a/pkg/seccomp/default_linux.go
+++ b/pkg/seccomp/default_linux.go
@@ -348,6 +348,7 @@
"sendmmsg",
"sendmsg",
"sendto",
+ "setns",
"set_robust_list",
"set_thread_area",
"set_tid_address",
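Review bot: The added `"setns",` entry appears to land in the profile's general allow list, judging by its neighbours (`sendmsg`, `set_tid_address`); the list itself starts and ends outside this hunk, so that placement is inferred. If so, setns becomes available to every container that uses the default profile, not only the nested-podman case the commit message describes, and the seccomp layer no longer narrows that namespace-switching surface; only the kernel's own capability checks on setns remain. Consider whether a capability-conditional rule would still cover `podman exec` in nested containers. If the unconditional entry is intended, record the reason next to it, e.g. `// setns: required for podman exec inside nested containers; kernel capability checks still apply`. The same entry is mirrored into seccomp.json in the next hunk, where no comment is possible, so the rationale has to live in the Go source.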
--- a/pkg/seccomp/seccomp.json
+++ b/pkg/seccomp/seccomp.json
@@ -351,6 +351,7 @@
"sendmmsg",
"sendmsg",
"sendto",
+ "setns",
"set_robust_list",
"set_thread_area",
"set_tid_address",