path: root/profiles
Commit message · Author · Age · Files · Lines
* profiles/apparmor: remove use of aaparser.GetVersion() · Sebastiaan van Stijn · 2023-05-08 · 1 · -12/+2
* profiles/apparmor: remove version-conditional constraints (< 2.8.96) · Sebastiaan van Stijn · 2023-02-08 · 1 · -4/+0
* seccomp: block socket calls to AF_VSOCK in default profile · Sebastiaan van Stijn · 2022-12-01 · 2 · -2/+26
* seccomp: allow "bpf", "perf_event_open", gated by CAP_BPF, CAP_PERFMON · Sebastiaan van Stijn · 2022-08-18 · 2 · -0/+44
* profiles: seccomp: add syscalls related to PKU in default policy · zhubojun · 2022-07-11 · 2 · -0/+6
* profiles: seccomp: allow clock_settime64 when CAP_SYS_TIME is added · Bastien Pascard · 2022-07-06 · 2 · -1/+3
* Fix AppArmor profile docker-default /proc/sys rule · Phil Sphicas · 2022-06-30 · 1 · -1/+1
* all: use unix.ByteSliceToString for utsname fields · Kir Kolyshkin · 2022-05-18 · 1 · -2/+1
* Allow different syscalls from kernels 5.12 -> 5.16 · Djordje Lukic · 2022-05-13 · 2 · -0/+10
* Merge pull request #43553 from AkihiroSuda/riscv64 · Justin Cormack · 2022-05-13 · 2 · -0/+30
|\
| * seccomp: support riscv64 · Akihiro Suda · 2022-05-02 · 2 · -0/+30
* | Merge pull request #43199 from Xyene/allow-landlock · Sebastiaan van Stijn · 2022-05-13 · 2 · -0/+6
|\ \
| * | seccomp: add support for Landlock syscalls in default policy · Tudor Brindus · 2022-01-31 · 2 · -0/+6
| |/
* | Remove "seccomp" build tag · Tianon Gravi · 2022-05-12 · 2 · -12/+0
|/
* seccomp: add support for "swapcontext" syscall in default policy · Sören Tempel · 2021-12-18 · 2 · -1/+3
* refactor: move from io/ioutil to io and os package · Eng Zer Jun · 2021-08-27 · 3 · -11/+9
* Update to Go 1.17.0, and gofmt with Go 1.17 · Sebastiaan van Stijn · 2021-08-24 · 6 · -0/+6
* Merge pull request #42649 from kinvolk/rata/seccomp-default-errno · Sebastiaan van Stijn · 2021-08-03 · 4 · -2/+8
|\
| * seccomp: Use explicit DefaultErrnoRet · Rodrigo Campos · 2021-07-30 · 4 · -2/+8
* | seccomp: add support for "clone3" syscall in default policy · Daniel P. Berrangé · 2021-07-27 · 2 · -0/+27
|/
* seccomp: Seccomp: embed oci-spec LinuxSeccomp, add support for seccomp flags · Sebastiaan van Stijn · 2021-07-17 · 4 · -22/+32
* seccomp: setupSeccomp(): update errors and remove redundant check · Sebastiaan van Stijn · 2021-07-17 · 1 · -13/+9
* seccomp: add additional unit-tests · Sebastiaan van Stijn · 2021-07-16 · 1 · -2/+38
* seccomp: use oci-spec consts in tests · Sebastiaan van Stijn · 2021-07-16 · 1 · -8/+8
* seccomp: improve GoDoc for Seccomp fields · Sebastiaan van Stijn · 2021-07-16 · 1 · -3/+13
* seccomp: Sync fields with runtime-spec fields · Rodrigo Campos · 2021-07-08 · 3 · -1/+49
* profiles/seccomp.Syscall: use pointers and omitempty · Sebastiaan van Stijn · 2021-06-17 · 4 · -132/+80
* seccomp.Syscall: embed runtime-spec Syscall type · Sebastiaan van Stijn · 2021-06-17 · 6 · -563/+609
* Enable `process_vm_readv` and `process_vm_writev` for kernel > 4.8 · clubby789 · 2021-03-04 · 2 · -1/+7
* profiles: seccomp: update to Linux 5.11 syscall list · Aleksa Sarai · 2021-01-27 · 2 · -0/+18
* seccomp: Add pidfd_getfd syscall · Mark Vainomaa · 2020-11-12 · 2 · -0/+2
* seccomp: Add pidfd_open and pidfd_send_signal · Mark Vainomaa · 2020-11-11 · 2 · -0/+4
* seccomp: implement marshal/unmarshall for MinVersion · Sebastiaan van Stijn · 2020-10-07 · 6 · -45/+145
* seccomp: add test for unmarshal default profile · Sebastiaan van Stijn · 2020-10-02 · 1 · -0/+23
* seccomp: remove dependency on pkg/parsers/kernel · Sebastiaan van Stijn · 2020-10-02 · 4 · -20/+200
* seccomp: remove dependency on oci package · Sebastiaan van Stijn · 2020-09-29 · 2 · -4/+75
* seccomp: add test for loading old JSON format · Sebastiaan van Stijn · 2020-09-28 · 2 · -0/+1606
* seccomp: replace types with runtime-spec types · Sebastiaan van Stijn · 2020-09-18 · 4 · -182/+109
* seccomp: move seccomp types from api into seccomp profile · Sebastiaan van Stijn · 2020-09-18 · 4 · -124/+212
* Merge pull request #41395 from cpuguy83/no_libseccomp · Sebastiaan van Stijn · 2020-09-15 · 2 · -21/+39
|\
| * Remove dependency in dockerd on libseccomp · Brian Goff · 2020-09-11 · 2 · -21/+39
* | Merge pull request #41337 from cyphar/apparmor-update-profile · Justin Cormack · 2020-09-11 · 1 · -2/+10
|\ \
| |/
|/|
| * apparmor: permit signals from unconfined programs · Aleksa Sarai · 2020-08-11 · 1 · -2/+10
* | Add faccessat2 to default seccomp profile. · Jintao Zhang · 2020-08-17 · 2 · -0/+2
* | Add openat2 to default seccomp profile. · Jintao Zhang · 2020-08-16 · 2 · -0/+2
|/
* Replace uses of blacklist/whitelist · Sebastiaan van Stijn · 2020-07-14 · 1 · -1/+1
* seccomp: allow 'rseq' syscall in default seccomp profile · Florian Schmaus · 2020-06-26 · 2 · -0/+2
* Merge pull request #40995 from KentaTada/remove-unused-syscall · Justin Cormack · 2020-05-28 · 2 · -3/+1
|\
| * seccomp: remove the unused query_module(2) · Kenta Tada · 2020-05-19 · 2 · -3/+1
* | Merge pull request #40731 from sqreen/fix/seccomp-profile · Akihiro Suda · 2020-05-20 · 2 · -0/+2
|\ \
| |/
|/|