[lxc-devel] [lxc/master] seccomp: do not set SECCOMP_FILTER_FLAG_NEW_LISTENER
brauner on Github
lxc-bot at linuxcontainers.org
Wed Jun 12 12:06:48 UTC 2019
From f73adb35fbbd164c2bfc975dc4a8b7e8292f4e37 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Wed, 12 Jun 2019 13:42:25 +0200
Subject: [PATCH] seccomp: do not set SECCOMP_FILTER_FLAG_NEW_LISTENER

Do not set SECCOMP_FILTER_FLAG_NEW_LISTENER as seccomp attribute.
Prior to libseccomp merging support for SECCOMP_RET_USER_NOTIF there was a
libseccomp specific attribute that needed to be set before
SECCOMP_RET_USER_NOTIF could be used. This has been removed.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/seccomp.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index d49596fdf6..1e688a4517 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -944,11 +944,6 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
#if HAVE_DECL_SECCOMP_NOTIFY_FD
if ((rule.action == SCMP_ACT_NOTIFY) &&
!conf->seccomp.notifier.wants_supervision) {
- ret = seccomp_attr_set(conf->seccomp.seccomp_ctx,
- SECCOMP_FILTER_FLAG_NEW_LISTENER, 1);
- if (ret)
- goto bad_rule;
-
conf->seccomp.notifier.wants_supervision = true;
TRACE("Set SECCOMP_FILTER_FLAG_NEW_LISTENER attribute");
}
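Review bot: the TRACE("Set SECCOMP_FILTER_FLAG_NEW_LISTENER attribute") line left at the end of this block is now stale. With the seccomp_attr_set() call removed, the branch only sets conf->seccomp.notifier.wants_supervision = true, so the trace reports an attribute being set when nothing sets it any more. Suggest rewording it to say what the branch actually records (a SCMP_ACT_NOTIFY rule was seen and supervision is wanted), or dropping it. The branch also no longer has a path to bad_rule, and where the notify listener is now requested is not visible in this hunk; a short pointer in the commit message would make that easier to verify.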