diff options
| author | Robert Tonic <btonic@users.noreply.github.com> | 2019-09-24 18:37:25 -0400 |
|---|---|---|
| committer | Robert Tonic <btonic@users.noreply.github.com> | 2019-09-24 18:37:25 -0400 |
| commit | 9ebd498a55fa87129cdc60cdc3bca66f26c49454 (patch) | |
| tree | db1db52ace9e62f6cc1e5f1792326f95b78e97b2 /runsc | |
| parent | 7810b30983ec4d3a706df01163c29814cd21d6ca (diff) | |
Remove unecessary seccomp permission.
This removes the F_DUPFD_CLOEXEC support for the gofer, previously
required when depending on the STL net package.
Diffstat (limited to 'runsc')
| -rw-r--r-- | runsc/fsgofer/filter/config.go | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/runsc/fsgofer/filter/config.go b/runsc/fsgofer/filter/config.go index 8989cdb2f..a3f104a58 100644 --- a/runsc/fsgofer/filter/config.go +++ b/runsc/fsgofer/filter/config.go @@ -83,10 +83,6 @@ var allowedSyscalls = seccomp.SyscallRules{ seccomp.AllowAny{}, seccomp.AllowValue(syscall.F_GETFD), }, - { - seccomp.AllowAny{}, - seccomp.AllowValue(syscall.F_DUPFD_CLOEXEC), - }, }, syscall.SYS_FSTAT: {}, syscall.SYS_FSTATFS: {}, |