summaryrefslogtreecommitdiffhomepage
path: root/runsc/boot
diff options
context:
space:
mode:
Diffstat (limited to 'runsc/boot')
-rw-r--r--runsc/boot/filter/config.go24
1 files changed, 24 insertions, 0 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index bf690160c..4fb9adca6 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -313,11 +313,21 @@ func hostInetFilters() seccomp.SyscallRules {
{
seccomp.AllowAny{},
seccomp.AllowValue(syscall.SOL_IP),
+ seccomp.AllowValue(syscall.IP_TOS),
+ },
+ {
+ seccomp.AllowAny{},
+ seccomp.AllowValue(syscall.SOL_IP),
seccomp.AllowValue(syscall.IP_RECVTOS),
},
{
seccomp.AllowAny{},
seccomp.AllowValue(syscall.SOL_IPV6),
+ seccomp.AllowValue(syscall.IPV6_TCLASS),
+ },
+ {
+ seccomp.AllowAny{},
+ seccomp.AllowValue(syscall.SOL_IPV6),
seccomp.AllowValue(syscall.IPV6_RECVTCLASS),
},
{
@@ -426,6 +436,13 @@ func hostInetFilters() seccomp.SyscallRules {
{
seccomp.AllowAny{},
seccomp.AllowValue(syscall.SOL_IP),
+ seccomp.AllowValue(syscall.IP_TOS),
+ seccomp.AllowAny{},
+ seccomp.AllowValue(4),
+ },
+ {
+ seccomp.AllowAny{},
+ seccomp.AllowValue(syscall.SOL_IP),
seccomp.AllowValue(syscall.IP_RECVTOS),
seccomp.AllowAny{},
seccomp.AllowValue(4),
@@ -433,6 +450,13 @@ func hostInetFilters() seccomp.SyscallRules {
{
seccomp.AllowAny{},
seccomp.AllowValue(syscall.SOL_IPV6),
+ seccomp.AllowValue(syscall.IPV6_TCLASS),
+ seccomp.AllowAny{},
+ seccomp.AllowValue(4),
+ },
+ {
+ seccomp.AllowAny{},
+ seccomp.AllowValue(syscall.SOL_IPV6),
seccomp.AllowValue(syscall.IPV6_RECVTCLASS),
seccomp.AllowAny{},
seccomp.AllowValue(4),