Merge pull request #312 from xoxys/master

add custom seccomp profile
2021-02-09 16:29:27 -05:00 · 2021-02-09 16:29:27 -05:00 · 319660d758
commit 319660d758
parent 9c86f98ea5 b1959299c7
2 changed files with 13 additions and 0 deletions
--- a/docker.go
+++ b/docker.go
@ -343,6 +343,10 @@ func commandDaemon(daemon Daemon) *exec.Cmd {
 		"--host=unix:///var/run/docker.sock",
 	}

+	if _, err := os.Stat("/etc/docker/default.json"); err == nil {
+		args = append(args, "--seccomp-profile=/etc/docker/default.json")
+	}
+
 	if daemon.StorageDriver != "" {
 		args = append(args, "-s", daemon.StorageDriver)
 	}
--- a/docker/docker/Dockerfile.linux.arm
+++ b/docker/docker/Dockerfile.linux.arm
@ -2,5 +2,14 @@ FROM arm32v6/docker:19.03.8-dind

 ENV DOCKER_HOST=unix:///var/run/docker.sock

+RUN apk --update add --virtual .build-deps curl && \
+    mkdir -p /etc/docker/ && \
+    curl -SsL -o /etc/docker/default.json https://raw.githubusercontent.com/moby/moby/19.03/profiles/seccomp/default.json && \
+    sed -i 's/SCMP_ACT_ERRNO/SCMP_ACT_TRACE/g' /etc/docker/default.json && \
+    chmod 600 /etc/docker/default.json && \
+    apk del .build-deps && \
+    rm -rf /var/cache/apk/* && \
+    rm -rf /tmp/*
+
 ADD release/linux/arm/drone-docker /bin/
 ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-docker"]