From cd6563bdaaadeea807a4bb082e9a27b4b72c14df Mon Sep 17 00:00:00 2001
From: DCCooper <1866858@gmail.com>
Date: Thu, 13 Jan 2022 17:09:45 +0800
Subject: [PATCH] isula-build: add syscall "statx" in seccomp
Signed-off-by: DCCooper <1866858@gmail.com>
(cherry picked from commit e3c4bf5285006cc3336cd541f8850db29b1ceece)
---
 VERSION-openeuler | 2 +-
 git-commit | 2 +-
 isula-build.spec | 8 +++++-
 ...x-in-seccomp-to-fix-Operation-not-pe.patch | 25 +++++++++++++++++++
 series.conf | 1 +
 5 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 patch/0103-Add-syscall-statx-in-seccomp-to-fix-Operation-not-pe.patch
diff --git a/VERSION-openeuler b/VERSION-openeuler
index 331ab90..bef6b44 100644
--- a/VERSION-openeuler
+++ b/VERSION-openeuler
@@ -1 +1 @@
-0.9.5-25
+0.9.5-26
diff --git a/git-commit b/git-commit
index 8df0f1f..8a0ba19 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-ccece5d21f168013a2a5b6e712d1837ecb9bde37
+608966d1e89f11bccad80c960064390c26c02d03
diff --git a/isula-build.spec b/isula-build.spec
index c5e41ff..2ac0cbe 100644
--- a/isula-build.spec
+++ b/isula-build.spec
@@ -2,7 +2,7 @@
 Name: isula-build
 Version: 0.9.5
-Release: 25
+Release: 26
 Summary: A tool to build container images
 License: Mulan PSL V2
 URL: https://gitee.com/openeuler/isula-build
@@ -85,6 +85,12 @@ fi
 /usr/share/bash-completion/completions/isula-build
 %changelog
+* Thu Jan 13 2022 DCCooper <1866858@gmail.com> - 0.9.5-26
+- Type:enhancement
+- CVE:NA
+- SUG:restart
+- DESC:add syscall "statx" in seccomp
+
 * Wed Jan 12 2022 Lu Jingxiao - 0.9.5-25
 - Type:bugfix
 - CVE:NA
diff --git a/patch/0103-Add-syscall-statx-in-seccomp-to-fix-Operation-not-pe.patch b/patch/0103-Add-syscall-statx-in-seccomp-to-fix-Operation-not-pe.patch
new file mode 100644
index 0000000..b1e3003
--- /dev/null
+++ b/patch/0103-Add-syscall-statx-in-seccomp-to-fix-Operation-not-pe.patch
@@ -0,0 +1,25 @@
+From f4d69303103c5b043a104d8eb7361ce6f5848a02 Mon Sep 17 00:00:00 2001
+From: DCCooper <1866858@gmail.com>
+Date: Thu, 13 Jan 2022 16:54:24 +0800
+Subject: [PATCH] Add syscall "statx" in seccomp to fix Operation not permitted
+
+Signed-off-by: DCCooper <1866858@gmail.com>
+---
+ .../opencontainers/runtime-tools/generate/seccomp/seccomp_default.go | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
+index 5fee5a3..fd16b6c 100644
+--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
++++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
+@@ -303,6 +303,7 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
+ "stat64",
+ "statfs",
+ "statfs64",
++ "statx",
+ "symlink",
+ "symlinkat",
+ "sync",
+--
+1.8.3.1
+
diff --git a/series.conf b/series.conf
index 7b55a4b..b977f26 100644
--- a/series.conf
+++ b/series.conf
@@ -65,3 +65,4 @@ patch/0099-fix-some-little-mistakes-in-manual_zh.md.patch
 patch/0100-fix-the-message-is-not-rational-when-not-appoint-Doc.patch
 patch/0101-utils-remove-unused-PBKDF2-and-AES-related.patch
 patch/0102-Refactor-refactor-image-separator-related.patch
+patch/0103-Add-syscall-statx-in-seccomp-to-fix-Operation-not-pe.patch
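Review bot: The `"statx"` entry that patch 0103 adds to the allow-list in `DefaultProfile` is made in `vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go`, so the seccomp policy now differs from the vendored upstream copy and the line would presumably be lost on the next re-vendor unless the patch stays in series.conf or the change is carried upstream. Nothing in the hunk records why the syscall is allowed; a comment on the new line such as `// statx: allowed downstream (patch 0103) to fix "Operation not permitted"` would keep the widening of the profile auditable. The entry sits beside `stat64`, `statfs` and `statfs64` in the same name list, so it appears to receive the same rule as they do, but that list and the rest of `DefaultProfile` start and end outside the hunk, so the action and any argument conditions applied to it should be confirmed there. The spec changelog labels the release `Type:enhancement` although the patch subject describes a fix.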