[PATCH] seccomp: Add version 1 that blocks `keyctl` due to CVE-2016-0728

This entailed actually refactoring the code now so we can have
versioned profiles.  There's some code motion, but it's all relatively
 src/linux-user-chroot.c |   4 +-
 src/setup-seccomp.c     | 197 +++++++++++++++++++++++++++++-------------------
 src/setup-seccomp.h     |   4 +-
 3 files changed, 126 insertions(+), 79 deletions(-)

Attachment: 0001-seccomp-Add-version-1-that-blocks-keyctl-due-to-CVE-.patch
Description: Text Data

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]