8f1dda6 seccomp profile: Default to ENOSYS instead of EPERM

1 file Authored by slev 2 years ago, Committed by frenaud 2 years ago,
    seccomp profile: Default to ENOSYS instead of EPERM
    
    This allows an application to detect whether the kernel supports
    a syscall or not. Previously, the error was unconditionally EPERM.
    There are many issues about glibc failing with new syscalls in containerized
    environments if their host runs on an old kernel.
    
    More about motivation for ENOSYS over EPERM:
    https://github.com/opencontainers/runc/issues/2151
    https://github.com/opencontainers/runc/pull/2750
    
    See about defaultErrnoRet introduction:
    https://github.com/opencontainers/runtime-spec/pull/1087
    
    Previously, the FreeIPA profile was vendored from
    https://github.com/containers/podman/blob/main/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
    
    Now it is merged directly from
    https://github.com/containers/common/blob/main/pkg/seccomp/seccomp.json
    
    Fixes: https://pagure.io/freeipa/issue/9008
    Signed-off-by: Stanislav Levin <slev@altlinux.org>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
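
An added example, not part of this commit or of the FreeIPA or containers/common code: a small audit that reports which errno a seccomp profile returns for syscalls it does not list, so a profile still defaulting to EPERM can be spotted. The two profiles are constructed samples; the field names (`defaultAction`, `defaultErrnoRet`, `defaultErrno`, `errnoRet`, `errno`) follow the runtime-spec and containers/common JSON layout, and the errno numbers are the Linux values.

```python
import json

LINUX_ERRNO = {"EPERM": 1, "ENOSYS": 38}           # Linux values used by seccomp
ERRNO_NAME = {v: k for k, v in LINUX_ERRNO.items()}

# Constructed samples: a profile without defaultErrnoRet and one with ENOSYS.
OLD_PROFILE = json.loads("""{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [{"names": ["read", "write"], "action": "SCMP_ACT_ALLOW"}]
}""")
NEW_PROFILE = json.loads("""{
  "defaultAction": "SCMP_ACT_ERRNO",
  "defaultErrnoRet": 38,
  "defaultErrno": "ENOSYS",
  "syscalls": [
    {"names": ["read", "write"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["bpf"], "action": "SCMP_ACT_ERRNO", "errnoRet": 1, "errno": "EPERM"}
  ]
}""")

def resolve_errno(obj, num_key, name_key):
    """Errno a rule yields; the runtime-spec default is EPERM when unset."""
    if obj.get(num_key) is not None:
        return int(obj[num_key])
    if obj.get(name_key):
        return LINUX_ERRNO[obj[name_key]]
    return LINUX_ERRNO["EPERM"]

def audit(profile):
    """Report the errno for unlisted syscalls and any explicit EPERM denials."""
    action = profile.get("defaultAction")
    default = None
    if action == "SCMP_ACT_ERRNO":
        default = resolve_errno(profile, "defaultErrnoRet", "defaultErrno")
    explicit_eperm = sorted(
        name
        for rule in profile.get("syscalls", [])
        if rule.get("action") == "SCMP_ACT_ERRNO"
        and resolve_errno(rule, "errnoRet", "errno") == LINUX_ERRNO["EPERM"]
        for name in rule.get("names", [])
    )
    return {
        "default_errno": ERRNO_NAME.get(default, default),
        # ENOSYS lets libc treat an unlisted syscall as "not supported" and fall back.
        "fallback_safe": default == LINUX_ERRNO["ENOSYS"],
        "explicit_eperm": explicit_eperm,
    }

if __name__ == "__main__":
    for label, prof in (("old", OLD_PROFILE), ("new", NEW_PROFILE)):
        print(label, audit(prof))
```

Syscalls listed under `explicit_eperm` are deliberate denials and keep returning EPERM; only the default for unlisted syscalls changes.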