skopeo-1.3.1-8.el9

- update seccomp.json from Fedora to allow clone3 to pass
- Related: #1970747

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
Jindrich Novy 2021-07-26 17:36:41 +02:00
parent 9187ce3d95
commit 9e66845657
2 changed files with 205 additions and 8 deletions


@ -1,5 +1,6 @@
{ {
"defaultAction": "SCMP_ACT_ERRNO", "defaultAction": "SCMP_ACT_ERRNO",
"defaultErrnoRet": 38,
"archMap": [ "archMap": [
{ {
"architecture": "SCMP_ARCH_X86_64", "architecture": "SCMP_ARCH_X86_64",
@ -50,6 +51,44 @@
} }
], ],
"syscalls": [ "syscalls": [
{
"names": [
"bdflush",
"io_pgetevents",
"kexec_file_load",
"kexec_load",
"migrate_pages",
"move_pages",
"nfsservctl",
"nice",
"oldfstat",
"oldlstat",
"oldolduname",
"oldstat",
"olduname",
"pciconfig_iobase",
"pciconfig_read",
"pciconfig_write",
"sgetmask",
"ssetmask",
"swapcontext",
"swapoff",
"swapon",
"sysfs",
"uselib",
"userfaultfd",
"ustat",
"vm86",
"vm86old",
"vmsplice"
],
"action": "SCMP_ACT_ERRNO",
"args": [],
"comment": "",
"includes": {},
"excludes": {},
"errnoRet": 1
},
{ {
"names": [ "names": [
"_llseek", "_llseek",
@ -76,6 +115,7 @@
"clock_nanosleep", "clock_nanosleep",
"clock_nanosleep_time64", "clock_nanosleep_time64",
"clone", "clone",
"clone3",
"close", "close",
"close_range", "close_range",
"connect", "connect",
@ -132,6 +172,7 @@
"ftruncate", "ftruncate",
"ftruncate64", "ftruncate64",
"futex", "futex",
"futex_time64",
"futimesat", "futimesat",
"get_robust_list", "get_robust_list",
"get_thread_area", "get_thread_area",
@ -148,6 +189,7 @@
"getgroups", "getgroups",
"getgroups32", "getgroups32",
"getitimer", "getitimer",
"get_mempolicy",
"getpeername", "getpeername",
"getpgid", "getpgid",
"getpgrp", "getpgrp",
@ -198,6 +240,7 @@
"lstat", "lstat",
"lstat64", "lstat64",
"madvise", "madvise",
"mbind",
"memfd_create", "memfd_create",
"mincore", "mincore",
"mkdir", "mkdir",
@ -216,7 +259,9 @@
"mq_notify", "mq_notify",
"mq_open", "mq_open",
"mq_timedreceive", "mq_timedreceive",
"mq_timedreceive_time64",
"mq_timedsend", "mq_timedsend",
"mq_timedsend_time64",
"mq_unlink", "mq_unlink",
"mremap", "mremap",
"msgctl", "msgctl",
@ -241,6 +286,9 @@
"pipe", "pipe",
"pipe2", "pipe2",
"pivot_root", "pivot_root",
"pkey_alloc",
"pkey_free",
"pkey_mprotect",
"poll", "poll",
"ppoll", "ppoll",
"ppoll_time64", "ppoll_time64",
@ -256,6 +304,7 @@
"pwritev2", "pwritev2",
"read", "read",
"readahead", "readahead",
"readdir",
"readlink", "readlink",
"readlinkat", "readlinkat",
"readv", "readv",
@ -263,6 +312,7 @@
"recv", "recv",
"recvfrom", "recvfrom",
"recvmmsg", "recvmmsg",
"recvmmsg_time64",
"recvmsg", "recvmsg",
"remap_file_pages", "remap_file_pages",
"removexattr", "removexattr",
@ -271,6 +321,7 @@
"renameat2", "renameat2",
"restart_syscall", "restart_syscall",
"rmdir", "rmdir",
"rseq",
"rt_sigaction", "rt_sigaction",
"rt_sigpending", "rt_sigpending",
"rt_sigprocmask", "rt_sigprocmask",
@ -278,6 +329,7 @@
"rt_sigreturn", "rt_sigreturn",
"rt_sigsuspend", "rt_sigsuspend",
"rt_sigtimedwait", "rt_sigtimedwait",
"rt_sigtimedwait_time64",
"rt_tgsigqueueinfo", "rt_tgsigqueueinfo",
"sched_get_priority_max", "sched_get_priority_max",
"sched_get_priority_min", "sched_get_priority_min",
@ -286,6 +338,7 @@
"sched_getparam", "sched_getparam",
"sched_getscheduler", "sched_getscheduler",
"sched_rr_get_interval", "sched_rr_get_interval",
"sched_rr_get_interval_time64",
"sched_setaffinity", "sched_setaffinity",
"sched_setattr", "sched_setattr",
"sched_setparam", "sched_setparam",
@ -297,6 +350,7 @@
"semget", "semget",
"semop", "semop",
"semtimedop", "semtimedop",
"semtimedop_time64",
"send", "send",
"sendfile", "sendfile",
"sendfile64", "sendfile64",
@ -304,6 +358,7 @@
"sendmsg", "sendmsg",
"sendto", "sendto",
"setns", "setns",
"set_mempolicy",
"set_robust_list", "set_robust_list",
"set_thread_area", "set_thread_area",
"set_tid_address", "set_tid_address",
@ -366,6 +421,7 @@
"timer_gettime", "timer_gettime",
"timer_gettime64", "timer_gettime64",
"timer_settime", "timer_settime",
"timer_settime64",
"timerfd_create", "timerfd_create",
"timerfd_gettime", "timerfd_gettime",
"timerfd_gettime64", "timerfd_gettime64",
@ -581,6 +637,21 @@
}, },
"excludes": {} "excludes": {}
}, },
{
"names": [
"open_by_handle_at"
],
"action": "SCMP_ACT_ERRNO",
"args": [],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_DAC_READ_SEARCH"
]
},
"errnoRet": 1
},
{ {
"names": [ "names": [
"bpf", "bpf",
@ -602,6 +673,28 @@
}, },
"excludes": {} "excludes": {}
}, },
{
"names": [
"bpf",
"fanotify_init",
"lookup_dcookie",
"perf_event_open",
"quotactl",
"setdomainname",
"sethostname",
"setns"
],
"action": "SCMP_ACT_ERRNO",
"args": [],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_SYS_ADMIN"
]
},
"errnoRet": 1
},
{ {
"names": [ "names": [
"chroot" "chroot"
@ -616,6 +709,21 @@
}, },
"excludes": {} "excludes": {}
}, },
{
"names": [
"chroot"
],
"action": "SCMP_ACT_ERRNO",
"args": [],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_SYS_CHROOT"
]
},
"errnoRet": 1
},
{ {
"names": [ "names": [
"delete_module", "delete_module",
@ -635,19 +743,21 @@
}, },
{ {
"names": [ "names": [
"get_mempolicy", "delete_module",
"mbind", "init_module",
"set_mempolicy" "finit_module",
"query_module"
], ],
"action": "SCMP_ACT_ALLOW", "action": "SCMP_ACT_ERRNO",
"args": [], "args": [],
"comment": "", "comment": "",
"includes": { "includes": {},
"excludes": {
"caps": [ "caps": [
"CAP_SYS_NICE" "CAP_SYS_MODULE"
] ]
}, },
"excludes": {} "errnoRet": 1
}, },
{ {
"names": [ "names": [
@ -663,6 +773,21 @@
}, },
"excludes": {} "excludes": {}
}, },
{
"names": [
"acct"
],
"action": "SCMP_ACT_ERRNO",
"args": [],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_SYS_PACCT"
]
},
"errnoRet": 1
},
{ {
"names": [ "names": [
"kcmp", "kcmp",
@ -681,6 +806,25 @@
}, },
"excludes": {} "excludes": {}
}, },
{
"names": [
"kcmp",
"process_madvise",
"process_vm_readv",
"process_vm_writev",
"ptrace"
],
"action": "SCMP_ACT_ERRNO",
"args": [],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_SYS_PTRACE"
]
},
"errnoRet": 1
},
{ {
"names": [ "names": [
"iopl", "iopl",
@ -696,6 +840,22 @@
}, },
"excludes": {} "excludes": {}
}, },
{
"names": [
"iopl",
"ioperm"
],
"action": "SCMP_ACT_ERRNO",
"args": [],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_SYS_RAWIO"
]
},
"errnoRet": 1
},
{ {
"names": [ "names": [
"settimeofday", "settimeofday",
@ -713,6 +873,24 @@
}, },
"excludes": {} "excludes": {}
}, },
{
"names": [
"settimeofday",
"stime",
"clock_settime",
"clock_settime64"
],
"action": "SCMP_ACT_ERRNO",
"args": [],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_SYS_TIME"
]
},
"errnoRet": 1
},
{ {
"names": [ "names": [
"vhangup" "vhangup"
@ -727,6 +905,21 @@
}, },
"excludes": {} "excludes": {}
}, },
{
"names": [
"vhangup"
],
"action": "SCMP_ACT_ERRNO",
"args": [],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_SYS_TTY_CONFIG"
]
},
"errnoRet": 1
},
{ {
"names": [ "names": [
"socket" "socket"
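Review bot: `"setns"` now appears in two rules with opposite outcomes. It is a context line in the large `names` list that `"clone3"` is added to (apparently the unconditional allow list), and it is also in the new `SCMP_ACT_ERRNO` block that excludes `CAP_SYS_ADMIN`. Which rule applies to a process without that capability is decided by the runtime that loads the profile, not by this file, so dropping `"setns"` from one of the two lists would make the intent explicit. This section also moves `"get_mempolicy"`, `"mbind"` and `"set_mempolicy"` out of the `CAP_SYS_NICE`-gated rule into that same large list, a widening the commit message (clone3 only) does not mention. Every new block leaves `"comment": ""`; a line such as `"comment": "EPERM instead of the ENOSYS default when the capability is absent"` would record why these rules sit alongside `"defaultErrnoRet": 38`.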


@ -30,7 +30,7 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
Epoch: 1 Epoch: 1
Name: skopeo Name: skopeo
Version: 1.3.1 Version: 1.3.1
Release: 7%{?dist} Release: 8%{?dist}
Summary: Inspect container images and repositories on registries Summary: Inspect container images and repositories on registries
License: ASL 2.0 License: ASL 2.0
URL: %{git0} URL: %{git0}
@ -241,6 +241,10 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
%{_datadir}/%{name}/test %{_datadir}/%{name}/test
%changelog %changelog
* Mon Jul 26 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.3.1-8
- update seccomp.json from Fedora to allow clone3 to pass
- Related: #1970747
* Thu Jul 15 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.3.1-7 * Thu Jul 15 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.3.1-7
- update shortnames from Pyxis - update shortnames from Pyxis
- put RHEL9/UBI9 images into overrides - put RHEL9/UBI9 images into overrides