diff --git a/containers-common.spec b/containers-common.spec index 279c127..2d75b71 100644 --- a/containers-common.spec +++ b/containers-common.spec @@ -12,7 +12,7 @@ Epoch: 2 Name: containers-common Version: 1 -Release: 11%{?dist} +Release: 12%{?dist} Summary: Common configuration and documentation for containers License: ASL 2.0 BuildArch: noarch @@ -36,7 +36,7 @@ Source4: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs #Source5: https://raw.githubusercontent.com/containers/image/%%{image_branch}/registries.conf Source5: registries.conf Source6: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-policy.json.5.md -Source7: https://raw.githubusercontent.com/containers/common/main/pkg/seccomp/seccomp.json +Source7: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/seccomp/seccomp.json Source8: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers-mounts.conf.5.md Source9: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-signature.5.md Source10: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-transports.5.md @@ -160,6 +160,11 @@ EOF %{_datadir}/rhel/secrets/* %changelog +* Tue Nov 16 2021 Jindrich Novy - 2:1-12 +- consume seccomp.json from the oldest vendored version of c/common, + not main branch +- Related: #2000051 + * Fri Nov 12 2021 Jindrich Novy - 2:1-11 - use ubi8/pause as ubi9/pause is not available yet - Related: #2000051 diff --git a/seccomp.json b/seccomp.json index 4d66196..7f79d25 100644 --- a/seccomp.json +++ b/seccomp.json @@ -1,7 +1,6 @@ { "defaultAction": "SCMP_ACT_ERRNO", "defaultErrnoRet": 38, - "defaultErrno": "ENOSYS", "archMap": [ { "architecture": "SCMP_ARCH_X86_64", @@ -88,8 +87,7 @@ "comment": "", "includes": {}, "excludes": {}, - "errnoRet": 1, - "errno": "EPERM" + "errnoRet": 1 }, { "names": [ @@ -653,8 +651,7 @@ "CAP_DAC_READ_SEARCH" ] }, - "errnoRet": 1, - "errno": "EPERM" + "errnoRet": 1 }, { "names": [ @@ -697,8 +694,7 @@ "CAP_SYS_ADMIN" ] }, - "errnoRet": 1, - "errno": "EPERM" + "errnoRet": 1 }, { "names": [ @@ -727,8 +723,7 @@ "CAP_SYS_CHROOT" ] }, - "errnoRet": 1, - "errno": "EPERM" + "errnoRet": 1 }, { "names": [ @@ -763,8 +758,7 @@ "CAP_SYS_MODULE" ] }, - "errnoRet": 1, - "errno": "EPERM" + "errnoRet": 1 }, { "names": [ @@ -793,8 +787,7 @@ "CAP_SYS_PACCT" ] }, - "errnoRet": 1, - "errno": "EPERM" + "errnoRet": 1 }, { "names": [ @@ -831,8 +824,7 @@ "CAP_SYS_PTRACE" ] }, - "errnoRet": 1, - "errno": "EPERM" + "errnoRet": 1 }, { "names": [ @@ -863,8 +855,7 @@ "CAP_SYS_RAWIO" ] }, - "errnoRet": 1, - "errno": "EPERM" + "errnoRet": 1 }, { "names": [ @@ -899,8 +890,7 @@ "CAP_SYS_TIME" ] }, - "errnoRet": 1, - "errno": "EPERM" + "errnoRet": 1 }, { "names": [ @@ -929,8 +919,7 @@ "CAP_SYS_TTY_CONFIG" ] }, - "errnoRet": 1, - "errno": "EPERM" + "errnoRet": 1 }, { "names": [ @@ -958,8 +947,7 @@ "CAP_AUDIT_WRITE" ] }, - "errnoRet": 22, - "errno": "EINVAL" + "errnoRet": 22 }, { "names": [