8000 seccomp: add arch-specific syscalls on ARM by trusch · Pull Request #3636 · rkt/rkt · GitHub
This repository was archived by the owner on Feb 24, 2020. It is now read-only.

seccomp: add arch-specific syscalls on ARM #3636

Merged
merged 1 commit into from
May 10, 2017
Merged
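--- a/stage1/init/common/seccomp_wildcards.go
+++ b/stage1/init/common/seccomp_wildcards.go
@@ -16,6 +16,8 @@
 
 package common
 
+import "runtime"
+
 // seccomp default whitelists/blacklists.
 // rkt tries not to diverge from docker here, for the moment.
 
@@ -392,10 +394,26 @@ var (
 "vm86old",
 }
 
+//RktDefaultSeccompArmWhitelist contains the additional needed syscalls for arm support
+RktDefaultSeccompArmWhitelist = []string{
+"arm_fadvise64_64",
+"arm_sync_file_range",
+"breakpoint",
+"cacheflush",
+"set_tls",
+"sync_file_range2",
+}
+
 // RktDefaultSeccompBlacklist contains a default blacklist of syscalls,
 // used by rkt for seccomp filtering.
 RktDefaultSeccompBlacklist = DockerDefaultSeccompBlacklist
 // RktDefaultSeccompWhitelist contains a default whitelist of syscalls,
 // used by rkt for seccomp filtering.
 RktDefaultSeccompWhitelist = DockerDefaultSeccompWhitelist
 )
+
+func init() {
+if arch := runtime.GOARCH; arch == "arm" || arch == "arm64" {
+RktDefaultSeccompWhitelist = append(RktDefaultSeccompWhitelist, RktDefaultSeccompArmWhitelist...)
+}
+}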
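Review bot: Nothing documents why `init` (the last lines of this section) widens the exported `RktDefaultSeccompWhitelist`, or that the decision comes from `runtime.GOARCH`, which is the architecture the binary was built for and so fixes the allowlist at build time. The `arm64` branch receives the same entries, some of which (`arm_fadvise64_64`, `arm_sync_file_range`) look by name to be specific to 32-bit ARM; if that is intended, the reason belongs in a comment. I would add above `init` something like `// On arm and arm64 builds, extend the default whitelist with the ARM-specific syscalls.` plus one line on why arm64 is included, and change the list's doc comment to start `// RktDefaultSeccompArmWhitelist` with a space after `//`. Separately, the `append` leaves `DockerDefaultSeccompWhitelist` untouched only while that slice has no spare capacity (its declaration is outside the hunk); appending onto a copy would remove that dependency.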