This entailed actually refactoring the code now so we can have versioned profiles. There's some code motion, but it's all relatively straightforward. --- src/linux-user-chroot.c | 4 +- src/setup-seccomp.c | 197 +++++++++++++++++++++++++++++------------------- src/setup-seccomp.h | 4 +- 3 files changed, 126 insertions(+), 79 deletions(-)
Attachment:
0001-seccomp-Add-version-1-that-blocks-keyctl-due-to-CVE-.patch
Description: Text Data