Restrict seccomp filters for UDS support.
This commit further restricts the seccomp filters required for Gofer access to Unix Domain Sockets (UDS).
parent
c319b360d1
commit
07d329d89f
|
@ -39,6 +39,8 @@ var allowedSyscalls = seccomp.SyscallRules{
|
||||||
syscall.SYS_SETSOCKOPT: []seccomp.Rule{
|
syscall.SYS_SETSOCKOPT: []seccomp.Rule{
|
||||||
{
|
{
|
||||||
seccomp.AllowAny{},
|
seccomp.AllowAny{},
|
||||||
|
seccomp.AllowValue(syscall.SOL_SOCKET),
|
||||||
|
seccomp.AllowValue(syscall.SO_BROADCAST),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
syscall.SYS_GETSOCKNAME: []seccomp.Rule{
|
syscall.SYS_GETSOCKNAME: []seccomp.Rule{
|
||||||
|
@ -110,6 +112,7 @@ var allowedSyscalls = seccomp.SyscallRules{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
seccomp.AllowAny{},
|
seccomp.AllowAny{},
|
||||||
|
seccomp.AllowValue(syscall.F_DUPFD_CLOEXEC),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
syscall.SYS_FSTAT: {},
|
syscall.SYS_FSTAT: {},
|
||||||
|
|
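Review bot: The SYS_SETSOCKOPT rule in the first hunk now pins level to `SOL_SOCKET` and optname to `SO_BROADCAST`, but nothing says why a gofer that only talks to Unix domain sockets needs a broadcast option, so a later reader cannot tell whether the entry is required or safe to drop. I would add a comment above the rule, for example `// Only SOL_SOCKET/SO_BROADCAST is allowed; presumably set by the Go runtime's default socket options on connect (confirm).` The same applies to the `F_DUPFD_CLOEXEC` value added in the second hunk, whose syscall key lies outside the hunk. Both entries sit in the shared `allowedSyscalls` table, so if UDS support is optional (not visible here) they also apply to gofers that never open a socket; a separate rule set merged in only when UDS is enabled would keep the default filter tighter.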