Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

seccomp: add pidfd syscalls #41665

Merged
merged 2 commits into from
Nov 13, 2020
Merged

seccomp: add pidfd syscalls #41665

merged 2 commits into from
Nov 13, 2020

Conversation

mikroskeem
Copy link
Contributor

- What I did

Added pidfd_{getfd, open, send_signal} syscalls into default seccomp profile, closes issue #41664.

- How I did it

By adding syscall names into the json file.

- How to verify it

See docker/for-linux#1142 reproduction steps.

- Description for the changelog

Add support for pidfd_* syscalls into default seccomp profile. Closes #41664

- A picture of a cute animal (not mandatory but encouraged)

Maybe this Bernese Mountain Dog will do

@mikroskeem mikroskeem changed the title seccomp: add pidfd syscalls support seccomp: add pidfd syscalls Nov 11, 2020
@mikroskeem
seccomp: Add pidfd_open and pidfd_send_signal
5e3ffe6 
Signed-off-by: Mark Vainomaa <mikroskeem@mikroskeem.eu>
@mikroskeem mikroskeem force-pushed the 41664-pidfd-syscalls-support branch 2 times, most recently from 013520e to e5e238b Compare November 11, 2020 14:31
@AkihiroSuda AkihiroSuda added area/security/seccomp kind/enhancement Enhancements are not bugs or new features but can improve usability or performance. labels Nov 11, 2020
@thaJeztah
Copy link
Member

@justincormack PTAL

@mikroskeem
Copy link
Contributor Author

Should I also create a separate PR against 19.03 branch btw?

@thaJeztah
Copy link
Member

Should I also create a separate PR against 19.03 branch btw?

Changes to the 19.03 branch are backported / cherry-picked after a PR is merged on master. (Also wanting to wait for review, and to discuss if this change is "safe" to backport to 19.03, as docker 20.10 is imminent, and 19.03 is quite late in its support cycle).

If this PR is accepted/merged, a PR should likely be opened in the containerd repository as well, to update the seccomp-profile accordingly

@mikroskeem
seccomp: Add pidfd_getfd syscall
f7bcb02 
Signed-off-by: Mark Vainomaa <mikroskeem@mikroskeem.eu>
@justincormack justincormack merged commit b6bfff2 into moby:master Nov 13, 2020
@thaJeztah thaJeztah added this to the 20.10.0 milestone Nov 13, 2020
This was referenced Nov 13, 2020
Merged
Merged
@delfer delfer mentioned this pull request Oct 30, 2023
Open
@talex5 talex5 mentioned this pull request Mar 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AkihiroSuda AkihiroSuda AkihiroSuda left review comments

@justincormack justincormack justincormack approved these changes

Assignees
No one assigned
Labels
area/security/seccomp impact/changelog kind/enhancement Enhancements are not bugs or new features but can improve usability or performance.
Projects
None yet
Milestone
20.10.0
Development

Successfully merging this pull request may close these issues.

pidfd_send_signal and pidfd_open syscalls support
4 participants
@mikroskeem @thaJeztah @justincormack @AkihiroSuda