seccomp: kernel 6.7
The following syscalls were added since kernel v5.16:
- v5.17 (libseccomp v2.5.4): set_mempolicy_home_node
- v6.5  (libseccomp v2.5.5): cachestat
- v6.6  (libseccomp v2.5.5): fchmodat2, map_shadow_stack
- v6.7  (libseccomp v2.5.5): futex_wake, futex_wait, futex_requeue

[Not covered in this commit]
- v6.8-rc1: statmount, listmount, lsm_get_self_attr, lsm_set_self_attr, lsm_list_modules

ref:
- `syscalls: update the syscall list for Linux v5.17` (libseccomp v2.5.4)
   seccomp/libseccomp@d83cb7a
- `all: update the syscall table for Linux v6.7-rc3`  (libseccomp v2.5.5)
   seccomp/libseccomp@53267af

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
AkihiroSuda authored and k8s-infra-cherrypick-robot committed Jan 25, 2024
1 parent 1944259 commit 1bed378
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions contrib/seccomp/seccomp_default.go
Expand Up @@ -64,6 +64,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"alarm",
"bind",
"brk",
"cachestat", // kernel v6.5, libseccomp v2.5.5
"capget",
"capset",
"chdir",
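Review bot: The trailing comment on "cachestat" says the name needs libseccomp v2.5.5, but nothing in this hunk shows what happens when the host's libseccomp is older and cannot resolve it. Please confirm, in the commit message or in a comment near the top of the list, that an unresolvable name is skipped rather than failing profile load. The same question applies to every other entry tagged v2.5.5 in this change.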
Expand Down Expand Up @@ -109,6 +110,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"fchdir",
"fchmod",
"fchmodat",
"fchmodat2", // kernel v6.6, libseccomp v2.5.5
"fchown",
"fchown32",
"fchownat",
Expand All @@ -130,8 +132,11 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"ftruncate",
"ftruncate64",
"futex",
"futex_requeue", // kernel v6.7, libseccomp v2.5.5
"futex_time64",
"futex_wait", // kernel v6.7, libseccomp v2.5.5
"futex_waitv",
"futex_wake", // kernel v6.7, libseccomp v2.5.5
"futimesat",
"getcpu",
"getcwd",
Expand Down Expand Up @@ -217,6 +222,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"mlock",
"mlock2",
"mlockall",
"map_shadow_stack", // kernel v6.6, libseccomp v2.5.5
"mmap",
"mmap2",
"mprotect",
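Review bot: "map_shadow_stack" is inserted between "mlockall" and "mmap", which breaks the alphabetical order the surrounding entries follow ("mlock", "mlock2", "mlockall", "mmap", "mmap2"). It sorts before "mlock", so move it up to its sorted position; a sorted list is easier to diff against the libseccomp syscall table on the next update.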
Expand Down Expand Up @@ -674,6 +680,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"get_mempolicy",
"mbind",
"set_mempolicy",
"set_mempolicy_home_node", // kernel v5.17, libseccomp v2.5.4
},
Action: specs.ActAllow,
Args: []specs.LinuxSeccompArg{},
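Review bot: "set_mempolicy_home_node" lands in a separate rule group next to "get_mempolicy", "mbind" and "set_mempolicy" rather than in the main list, and the condition that enables this group is outside the visible context. A short comment on the group stating that condition would let the next syscall update place new memory-policy calls correctly. The commit message also defers the v6.8-rc1 syscalls (statmount, listmount, lsm_get_self_attr, lsm_set_self_attr, lsm_list_modules); a TODO in seccomp_default.go would keep that follow-up from living only in the commit log.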