!335 [sync] PR-330: docker:add clone3 seccomp whitelist for arm64
From: @openeuler-sync-bot Reviewed-by: @zhangsong234 Signed-off-by: @zhangsong234
commit
3c585dd996
@ -1 +1 @@
|
|||||||
18.09.0.339
|
18.09.0.340
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
Name: docker-engine
|
Name: docker-engine
|
||||||
Version: 18.09.0
|
Version: 18.09.0
|
||||||
Release: 339
|
Release: 340
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
Summary: The open-source application container engine
|
Summary: The open-source application container engine
|
||||||
Group: Tools/Docker
|
Group: Tools/Docker
|
||||||
@ -227,6 +227,12 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Aug 02 2024 zhongjiawei<zhongjiawei1@huawei.com> - 2:18.09.0-340
|
||||||
|
- Type:bugfix
|
||||||
|
- CVE:NA
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:add clone3 seccomp whitelist for arm64
|
||||||
|
|
||||||
* Fri Jul 26 2024 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-339
|
* Fri Jul 26 2024 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-339
|
||||||
- Type:CVE
|
- Type:CVE
|
||||||
- CVE:CVE-2024-41110
|
- CVE:CVE-2024-41110
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
bb54f3063f3fc856630a6f3d5a52bf065d5eb045
|
29173030b7e118013ed3e8a3773492c40928bb9c
|
||||||
|
|||||||
@ -0,0 +1,41 @@
|
|||||||
|
From c2bc614038532cfbd1db9bfe8ff3949b1867a5c5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: zhongjiawei <zhongjiawei1@huawei.com>
|
||||||
|
Date: Fri, 2 Aug 2024 16:26:00 +0800
|
||||||
|
Subject: [PATCH] docker:add clone3 seccomp whitelist for arm64
|
||||||
|
|
||||||
|
---
|
||||||
|
components/engine/profiles/seccomp/seccomp_default.go | 11 ++++++++++-
|
||||||
|
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/components/engine/profiles/seccomp/seccomp_default.go b/components/engine/profiles/seccomp/seccomp_default.go
|
||||||
|
index 2c670623..a90e441c 100644
|
||||||
|
--- a/components/engine/profiles/seccomp/seccomp_default.go
|
||||||
|
+++ b/components/engine/profiles/seccomp/seccomp_default.go
|
||||||
|
@@ -482,7 +482,6 @@ func DefaultProfile() *types.Seccomp {
|
||||||
|
{
|
||||||
|
Names: []string{
|
||||||
|
"modify_ldt",
|
||||||
|
- "clone3",
|
||||||
|
},
|
||||||
|
Action: types.ActAllow,
|
||||||
|
Args: []*types.Arg{},
|
||||||
|
@@ -490,6 +489,16 @@ func DefaultProfile() *types.Seccomp {
|
||||||
|
Arches: []string{"amd64", "x32", "x86"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
+ {
|
||||||
|
+ Names: []string{
|
||||||
|
+ "clone3",
|
||||||
|
+ },
|
||||||
|
+ Action: types.ActAllow,
|
||||||
|
+ Args: []*types.Arg{},
|
||||||
|
+ Includes: types.Filter{
|
||||||
|
+ Arches: []string{"arm64", "amd64", "x32", "x86"},
|
||||||
|
+ },
|
||||||
|
+ },
|
||||||
|
{
|
||||||
|
Names: []string{
|
||||||
|
"s390_pci_mmio_read",
|
||||||
|
--
|
||||||
|
2.33.0
|
||||||
|
|
||||||
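Review bot: The added rule with `Names: []string{"clone3"}` keeps `Args: []*types.Arg{}`, so clone3 is allowed unconditionally on every listed architecture, now including arm64. clone3 takes its flags inside a struct passed by pointer, which a seccomp filter cannot inspect. If this profile masks namespace-creating flags on `clone` for containers without CAP_SYS_ADMIN (that rule is outside the hunk, so this is inferred), the blanket allow sidesteps that restriction. Upstream's default profile instead returns ENOSYS for clone3 when CAP_SYS_ADMIN is absent, so that callers fall back to `clone`. If the types in this tree cannot express an errno return, at least record the trade-off above the rule, e.g. `// clone3 flags are passed in a struct that seccomp cannot inspect, so this rule cannot mask namespace flags the way a clone rule can`. DefaultProfile's body starts and ends outside the hunk.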
@ -275,4 +275,5 @@ patch/0274-docker-fix-CVE-2024-29018.patch
|
|||||||
patch/0275-backport-fix-CVE-2024-32473.patch
|
patch/0275-backport-fix-CVE-2024-32473.patch
|
||||||
patch/0276-docker-Ignore-SIGURG-on-Linux.patch
|
patch/0276-docker-Ignore-SIGURG-on-Linux.patch
|
||||||
patch/0277-backport-fix-CVE-2024-41110.patch
|
patch/0277-backport-fix-CVE-2024-41110.patch
|
||||||
|
patch/0278-docker-add-clone3-seccomp-whitelist-for-arm64.patch
|
||||||
#end
|
#end
|
||||||
|
|||||||