Update seccomp profiles
achimnol opened this issue · comments
ref) https://docs.docker.com/engine/release-notes/ (20.10 series)
- seccomp: Whitelist clock_adjtime. CAP_SYS_TIME is still required for time adjustment moby/moby#40929
- seccomp: Add openat2 and faccessat2 to default seccomp profile moby/moby#41353
- seccomp: allow ‘rseq’ syscall in default seccomp profile moby/moby#41158
- seccomp: allow syscall membarrier moby/moby#40731
- seccomp: whitelist io-uring related system calls moby/moby#39415
- Fix seccomp profile for clone syscall moby/moby#39308