Check for incompatible/incomplete options #3

Neues Issue

crtxcr · 2020-09-26T13:03:57+02:00

crtxcr hat

2020-09-26 13:03:57 +02:00

kommentiert

Besitzer

Currenlty, no_new_privs can be 0 and seccomp filtering enabled, causing prctl to fail

Possible solutions:

Silently enable no_new_privs when seccomp filter given (probably not)
Check for this and drop out with an error message. Check other combinations like this.

Same problem with chroot and namespaces options

Currenlty, no_new_privs can be 0 and seccomp filtering enabled, causing prctl to fail Possible solutions: 1) Silently enable no_new_privs when seccomp filter given (probably not) 2) Check for this and drop out with an error message. Check other combinations like this. Same problem with chroot and namespaces options

crtxcr hat den Titel von ~~Check for no_new_privs required for seccomp filtering~~ zu Check for no_new_privs for seccomp filtering 2020-09-26 13:04:04 +02:00 geändert

crtxcr hat den Titel von ~~Check for no_new_privs for seccomp filtering~~ zu Check for incompatible/incomplete options 2020-09-26 16:20:15 +02:00 geändert

crtxcr hat dieses Issue

2021-05-09 12:57:57 +02:00

aus einem Commit referenziert

Begin check_policy_sanity(): Checks whether policy is reasonable

crtxcr hat dieses Issue

2021-05-09 13:00:02 +02:00

aus einem Commit referenziert

Begin check_policy_sanity(): Checks whether policy is reasonable

Anmelden, um an der Diskussion teilzunehmen.