seccomp profile: Default to ENOSYS instead of EPERM · stanislavlevin/freeipa@194ad8d

Commit

seccomp profile: Default to ENOSYS instead of EPERM

This allows application to detect whether the kernel supports
syscall or not. Previously, an error unconditionally was EPERM.
There are many issues about glibc failed to new syscalls in containerized
environments for which host run on old kernel.

More about motivation for ENOSYS over EPERM:
opencontainers/runc#2151
opencontainers/runc#2750

See about defaultErrnoRet introduction:
opencontainers/runtime-spec#1087

Previously, FreeIPA profile was vendored from
https://github.com/containers/podman/blob/main/vendor/github.com/containers/common/pkg/seccomp/seccomp.json

Now it is merged directly from
https://github.com/containers/common/blob/main/pkg/seccomp/seccomp.json

Loading branch information

stanislavlevin committed Oct 15, 2021

1 parent 63220ab commit 194ad8d

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `194ad8d`

Commit

There are no files selected for viewing

0 comments on commit 194ad8d

0 comments on commit `194ad8d`