Skip to content

Commit

Permalink
Update system-probe secccomp profile (#501) (#528)
Browse files Browse the repository at this point in the history 
Co-authored-by: Bryce Kahle <bryce.kahle@datadoghq.com>
  • Loading branch information
@celenechang @brycekahle
celenechang and brycekahle committed Jun 24, 2022
1 parent e2b60a9 commit efb6e91
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions controllers/datadogagent/systemprobe.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,7 @@ const systemProbeSecCompData = `{
"fchownat",
"fcntl",
"fcntl64",
"flock",
"fstat",
"fstat64",
"fstatfs",
Expand Down Expand Up @@ -212,6 +213,8 @@ const systemProbeSecCompData = `{
"recvmmsg",
"recvmsg",
"rename",
"renameat",
"renameat2",
"restart_syscall",
"rmdir",
"rt_sigaction",
Expand All @@ -237,6 +240,7 @@ const systemProbeSecCompData = `{
"setgid32",
"setgroups",
"setgroups32",
"setitimer",
"setns",
"setrlimit",
"setsid",
Expand All @@ -252,6 +256,7 @@ const systemProbeSecCompData = `{
"stat64",
"statfs",
"sysinfo",
"symlinkat",
"tgkill",
"umask",
"uname",
Expand Down Expand Up @@ -284,6 +289,22 @@ const systemProbeSecCompData = `{
"comment": "",
"includes": {},
"excludes": {}
},
{
"names": [
"kill"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 1,
"value": 0,
"op": "SCMP_CMP_EQ"
}
],
"comment": "allow process detection via kill",
"includes": {},
"excludes": {}
}
]
}
Expand Down

0 comments on commit efb6e91

Please sign in to comment.