Whitelist adjtimex get operation. Adjustment operations are gated by CAP_SYS_TIME

Signed-off-by: Miklos Szegedi <miklos.szegedi@cloudera.com>
2017-05-22 22:42:47 -07:00 · 2017-05-22 22:42:47 -07:00 · 2db05316d0
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@ -55,6 +55,7 @@
 				"accept",
 				"accept4",
 				"access",
+				"adjtimex",
 				"alarm",
 				"alarm",
 				"bind",
@ -719,7 +720,6 @@
 			"names": [
 				"settimeofday",
 				"stime",
-				"adjtimex",
 				"clock_settime"
 			],
 			"action": "SCMP_ACT_ALLOW",
--- a/profiles/seccomp/seccomp_default.go
+++ b/profiles/seccomp/seccomp_default.go
@ -49,6 +49,7 @@ func DefaultProfile() *types.Seccomp {
 				"accept",
 				"accept4",
 				"access",
+				"adjtimex",
 				"alarm",
 				"alarm",
 				"bind",
@ -611,7 +612,6 @@ func DefaultProfile() *types.Seccomp {
 			Names: []string{
 				"settimeofday",
 				"stime",
-				"adjtimex",
 				"clock_settime",
 			},
 			Action: types.ActAllow,