allow ptrace(2) by default for kernel >= 4.8#6810
Conversation
|
Hi @henry118. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Build succeeded.
|
Could you add this information to the headers of the files? |
contrib/seccomp/kernel_linux.go
Outdated
| @@ -0,0 +1,78 @@ | |||
| //go:build linux | |||
| // +build linux | |||
|
|
|||
There was a problem hiding this comment.
You do not need these lines, as the filename already has _linux.go suffix
contrib/seccomp/kernel_linux.go
Outdated
| limitations under the License. | ||
| */ | ||
|
|
||
| package seccomp |
There was a problem hiding this comment.
I'm feeling this should be a separate package like pkg/kernelversion or contrib/seccomp/kernelversion
Updated. |
|
Build succeeded.
|
contrib/seccomp/seccomp_default.go
Outdated
| } | ||
|
|
||
| // include by kernel version | ||
| if ok, err := kernelversion.KernelGreaterEqualThan( |
There was a problem hiding this comment.
kernelversion.GreatherEqualThan()?
https://go.dev/doc/effective_go#names
For instance, the buffered reader type in the bufio package is called Reader, not BufReader, because users see it as bufio.Reader, which is a clear, concise name.
Signed-off-by: Henry Wang <henwang@amazon.com>
|
Build succeeded.
|
Allow
ptrace(2)by default for kernel >= 4.8Fixes: #6802
kernel_linux.goandkernel_linux_test.goare copied from moby project under:https://github.com/moby/moby/tree/v20.10.14/profiles/seccomp
Testing was performed on 5.10 kernel with
stracetool.Signed-off-by: Henry Wang henwang@amazon.com