seccomp: Allow personality with UNAME26 bit set.

From personality(2): Have uname(2) report a 2.6.40+ version number rather than a 3.x version number. Added as a stopgap measure to support broken applications that could not handle the kernel version-numbering switch from 2.6.x to 3.x. This allows both "UNAME26|PER_LINUX" and "UNAME26|PER_LINUX32". Fixes: #32839 Signed-off-by: Ian Campbell <ian.campbell@docker.com>
author: Ian Campbell <ian.campbell@docker.com> 2017-05-02 15:05:01 +0100
committer: Ian Campbell <ian.campbell@docker.com> 2017-05-02 15:05:01 +0100
commit: cd456433ea2a02ed0016314fc4959b5f1a9c40a3 (patch)
tree: 0056bc9590f76386a011ecbe76760e99b4ed53f0 /profiles
parent: 1d0b921d70824c8cc7ae05fe0a6bdf0b49e50816 (diff)
download: docker-cd456433ea2a02ed0016314fc4959b5f1a9c40a3.tar.gz
2 files changed, 56 insertions, 0 deletions
diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
index 01ff1a4c56..364505090d 100755
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@@ -406,6 +406,40 @@
 			"args": [
 				{
 					"index": 0,
+					"value": 131072,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"personality"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
+					"value": 131080,
+					"valueTwo": 0,
+					"op": "SCMP_CMP_EQ"
+				}
+			],
+			"comment": "",
+			"includes": {},
+			"excludes": {}
+		},
+		{
+			"names": [
+				"personality"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [
+				{
+					"index": 0,
 					"value": 4294967295,
 					"valueTwo": 0,
 					"op": "SCMP_CMP_EQ"
diff --git a/profiles/seccomp/seccomp_default.go b/profiles/seccomp/seccomp_default.go
index 42bc3baa4b..6a8dc4ed3b 100644
--- a/profiles/seccomp/seccomp_default.go
+++ b/profiles/seccomp/seccomp_default.go
@@ -383,6 +383,28 @@ func DefaultProfile() *types.Seccomp {
 			Args: []*types.Arg{
 				{
 					Index: 0,
+					Value: 0x20000,
+					Op:    types.OpEqualTo,
+				},
+			},
+		},
+		{
+			Names:  []string{"personality"},
+			Action: types.ActAllow,
+			Args: []*types.Arg{
+				{
+					Index: 0,
+					Value: 0x20008,
+					Op:    types.OpEqualTo,
+				},
+			},
+		},
+		{
+			Names:  []string{"personality"},
+			Action: types.ActAllow,
+			Args: []*types.Arg{
+				{
+					Index: 0,
 					Value: 0xffffffff,
 					Op:    types.OpEqualTo,
 				},
author	Ian Campbell <ian.campbell@docker.com>	2017-05-02 15:05:01 +0100
committer	Ian Campbell <ian.campbell@docker.com>	2017-05-02 15:05:01 +0100
commit	cd456433ea2a02ed0016314fc4959b5f1a9c40a3 (patch)
tree	0056bc9590f76386a011ecbe76760e99b4ed53f0 /profiles
parent	1d0b921d70824c8cc7ae05fe0a6bdf0b49e50816 (diff)
download	docker-cd456433ea2a02ed0016314fc4959b5f1a9c40a3.tar.gz