Merge pull request #753 from ManaSugi/seccomp-seprate-condition

giuseppe · web-flow · commit 0ababfccdb27 · 2022-10-26T22:17:29.000+02:00
seccomp: Separate conditions for personality syscall into single rule
diff --git a/generate/seccomp/seccomp_default.go b/generate/seccomp/seccomp_default.go
@@ -354,11 +354,23 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
 					Value: 0x0,
 					Op:    rspec.OpEqualTo,
 				},
+			},
+		},
+		{
+			Names:  []string{"personality"},
+			Action: rspec.ActAllow,
+			Args: []rspec.LinuxSeccompArg{
 				{
 					Index: 0,
 					Value: 0x0008,
 					Op:    rspec.OpEqualTo,
 				},
+			},
+		},
+		{
+			Names:  []string{"personality"},
+			Action: rspec.ActAllow,
+			Args: []rspec.LinuxSeccompArg{
 				{
 					Index: 0,
 					Value: 0xffffffff,
