Merge pull request #7381 from baude/v2CIFix

Fix v2.0.x CI

contrib/cirrus/lib.sh

@@ -393,6 +393,11 @@ install_test_configs() {
     # by default in google cloud.  https://cloud.google.com/vpc/docs/vpc#ip-ranges
     install -v -D -m 644 $SCRIPT_BASE/99-do-not-use-google-subnets.conflist /etc/cni/net.d/
     install -v -D -m 644 ./test/registries.conf /etc/containers/
+    # This needs to removed when we have a seccomp profile
+    # that works on ubuntu with runc
+    if [[ -f "seccomp.json" ]]; then
+	install -v -D -m 644 ./seccomp.json /usr/share/containers
+    fi
 }
 
 # Remove all files provided by the distro version of podman.

seccomp.json

@@ -65,9 +65,11 @@
 				"chmod",
 				"chown",
 				"chown32",
+				"clock_adjtime",
 				"clock_getres",
 				"clock_gettime",
 				"clock_nanosleep",
+			        "clone",
 				"close",
 				"connect",
 				"copy_file_range",
@@ -167,6 +169,7 @@
 				"io_setup",
 				"io_submit",
 				"ipc",
+				"keyctl",
 				"kill",
 				"lchown",
 				"lchown32",
@@ -218,6 +221,7 @@
 				"pause",
 				"pipe",
 				"pipe2",
+				"pivot_root",
 				"poll",
 				"ppoll",
 				"prctl",
@@ -329,6 +333,7 @@
 				"sync_file_range",
 				"syncfs",
 				"sysinfo",
+				"syslog",
 				"tee",
 				"tgkill",
 				"time",
@@ -525,7 +530,8 @@
 			"names": [
 				"s390_pci_mmio_read",
 				"s390_pci_mmio_write",
-				"s390_runtime_instr"
+		                "s390_runtime_instr",
+			        "clone"
 			],
 			"action": "SCMP_ACT_ALLOW",
 			"args": [],
@@ -565,7 +571,6 @@
 				"setdomainname",
 				"sethostname",
 				"setns",
-				"syslog",
 				"umount",
 				"umount2",
 				"unshare"
@@ -676,6 +681,23 @@
 			},
 			"excludes": {}
 		},
+		{
+			"names": [
+				"get_mempolicy",
+				"mbind",
+				"name_to_handle_at",
+				"set_mempolicy"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"args": [],
+			"comment": "",
+			"includes": {
+				"caps": [
+					"CAP_SYS_NICE"
+				]
+			},
+			"excludes": {}
+		},
 		{
 			"names": [
 				"acct"
@@ -726,7 +748,9 @@
 			"names": [
 				"settimeofday",
 				"stime",
-				"clock_settime"
+				"clock_settime",
+				"clock_adjtime",
+				"adjtimex"
 			],
 			"action": "SCMP_ACT_ALLOW",
 			"args": [],
@@ -751,36 +775,6 @@
 				]
 			},
 			"excludes": {}
-		},
-		{
-			"names": [
-				"get_mempolicy",
-				"mbind",
-				"set_mempolicy"
-			],
-			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
-			"includes": {
-				"caps": [
-					"CAP_SYS_NICE"
-				]
-			},
-			"excludes": {}
-		},
-		{
-			"names": [
-				"syslog"
-			],
-			"action": "SCMP_ACT_ALLOW",
-			"args": [],
-			"comment": "",
-			"includes": {
-				"caps": [
-					"CAP_SYSLOG"
-				]
-			},
-			"excludes": {}
 		}
 	]
 }