From 3a1c3f61cd346ac68025d33ad6cd8a7726a3de45 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sat, 16 Jan 2021 21:56:43 +0100 Subject: [PATCH] patch seccomp profile --- docker/Dockerfile.arm64 | 1 + plugin/docker.go | 1 + 2 files changed, 2 insertions(+) diff --git a/docker/Dockerfile.arm64 b/docker/Dockerfile.arm64 index dfc1cab..2e495cd 100644 --- a/docker/Dockerfile.arm64 +++ b/docker/Dockerfile.arm64 @@ -17,6 +17,7 @@ RUN apk --update add --virtual .build-deps curl && \ mkdir -p /usr/lib/docker/cli-plugins/ && \ curl -SsL -o /usr/lib/docker/cli-plugins/docker-buildx "https://github.com/docker/buildx/releases/download/v${BUILDX_VERSION}/buildx-v${BUILDX_VERSION}.linux-amd64" && \ curl -SsL -o /var/lib/docker/default.json https://github.com/moby/moby/blob/19.03/profiles/seccomp/default.json && \ + sed -i 's/SCMP_ACT_ERRNO/SCMP_ACT_TRACE/g' /var/lib/docker/default.json && \ chmod 600 /var/lib/docker/default.json && \ chmod 755 /usr/lib/docker/cli-plugins/docker-buildx && \ apk del .build-deps && \ diff --git a/plugin/docker.go b/plugin/docker.go index cb38fb2..b48d3fe 100644 --- a/plugin/docker.go +++ b/plugin/docker.go @@ -174,6 +174,7 @@ func commandDaemon(daemon Daemon) *exec.Cmd { args := []string{ "--data-root", daemon.StoragePath, "--host=unix:///var/run/docker.sock", + "--seccomp-profile=/var/lib/docker/default.json", } if daemon.StorageDriver != "" {