patch seccomp profile
This commit is contained in:
parent
bd2f3739ff
commit
3a1c3f61cd
@ -17,6 +17,7 @@ RUN apk --update add --virtual .build-deps curl && \
|
|||||||
mkdir -p /usr/lib/docker/cli-plugins/ && \
|
mkdir -p /usr/lib/docker/cli-plugins/ && \
|
||||||
curl -SsL -o /usr/lib/docker/cli-plugins/docker-buildx "https://github.com/docker/buildx/releases/download/v${BUILDX_VERSION}/buildx-v${BUILDX_VERSION}.linux-amd64" && \
|
curl -SsL -o /usr/lib/docker/cli-plugins/docker-buildx "https://github.com/docker/buildx/releases/download/v${BUILDX_VERSION}/buildx-v${BUILDX_VERSION}.linux-amd64" && \
|
||||||
curl -SsL -o /var/lib/docker/default.json https://github.com/moby/moby/blob/19.03/profiles/seccomp/default.json && \
|
curl -SsL -o /var/lib/docker/default.json https://github.com/moby/moby/blob/19.03/profiles/seccomp/default.json && \
|
||||||
|
sed -i 's/SCMP_ACT_ERRNO/SCMP_ACT_TRACE/g' /var/lib/docker/default.json && \
|
||||||
chmod 600 /var/lib/docker/default.json && \
|
chmod 600 /var/lib/docker/default.json && \
|
||||||
chmod 755 /usr/lib/docker/cli-plugins/docker-buildx && \
|
chmod 755 /usr/lib/docker/cli-plugins/docker-buildx && \
|
||||||
apk del .build-deps && \
|
apk del .build-deps && \
|
||||||
|
@ -174,6 +174,7 @@ func commandDaemon(daemon Daemon) *exec.Cmd {
|
|||||||
args := []string{
|
args := []string{
|
||||||
"--data-root", daemon.StoragePath,
|
"--data-root", daemon.StoragePath,
|
||||||
"--host=unix:///var/run/docker.sock",
|
"--host=unix:///var/run/docker.sock",
|
||||||
|
"--seccomp-profile=/var/lib/docker/default.json",
|
||||||
}
|
}
|
||||||
|
|
||||||
if daemon.StorageDriver != "" {
|
if daemon.StorageDriver != "" {
|
||||||
|
Loading…
Reference in New Issue
Block a user