IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-23 07:33:27 -06:00
Code Issues Packages Projects Releases Wiki Activity
5a00882eab
freeipa/ipatests/azure/Dockerfiles
History
Stanislav Levin 8f1dda6404 seccomp profile: Default to ENOSYS instead of EPERM 
This allows application to detect whether the kernel supports
syscall or not. Previously, an error was unconditionally EPERM.
There are many issues about glibc failed with new syscalls in containerized
environments if their host run on old kernel.

More about motivation for ENOSYS over EPERM:
https://github.com/opencontainers/runc/issues/2151
https://github.com/opencontainers/runc/pull/2750

See about defaultErrnoRet introduction:
https://github.com/opencontainers/runtime-spec/pull/1087

Previously, FreeIPA profile was vendored from
https://github.com/containers/podman/blob/main/vendor/github.com/containers/common/pkg/seccomp/seccomp.json

Now it is merged directly from
https://github.com/containers/common/blob/main/pkg/seccomp/seccomp.json

Fixes: https://pagure.io/freeipa/issue/9008
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-10-18 12:08:56 +02:00
..
docker-compose.yml azure: Make it possible to adjust Docker resources per test env 2021-05-25 10:45:49 +03:00
Dockerfile.build.fedora azure: Mask systemd-resolved 2021-05-25 10:45:49 +03:00
Dockerfile.build.rawhide azure: Mask systemd-resolved 2021-05-25 10:45:49 +03:00
seccomp.json seccomp profile: Default to ENOSYS instead of EPERM 2021-10-18 12:08:56 +02:00