[lxc-devel] [PATCH 1/1] Catch seccomp violations by init

Serge Hallyn serge.hallyn at ubuntu.com
Mon Feb 24 17:28:10 UTC 2014


Note that if a task other than init violates the seccomp policy,
we cannot catch that.  Init will catch it and (if it feels like
it) log it.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
 src/lxc/start.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 2faad8e..f44be96 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1050,6 +1050,9 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
 			DEBUG("Container rebooting");
 			handler->conf->reboot = 1;
 			break;
+		case SIGSYS: /* seccomp */
+			DEBUG("Container violated its seccomp policy");
+			break;
 		default:
 			DEBUG("unknown exit status for init: %d", WTERMSIG(status));
 			break;
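Review bot: the new `case SIGSYS` logs a seccomp kill of init at DEBUG level only, which is too low for a security-relevant event; a container whose init was killed for violating its seccomp policy is exactly what an operator needs to see in normal logs, so consider `ERROR("Container violated its seccomp policy")` (or at least a NOTICE/WARN-level macro if one is available in start.c). Also, the comment `/* seccomp */` overstates what WTERMSIG(status) == SIGSYS proves: SIGSYS is the signal a seccomp filter uses to kill a task, but it can also be delivered by other means, so a message like "init killed by SIGSYS (seccomp policy violation?)" would be more accurate. Finally, the commit message notes that violations by tasks other than init cannot be caught here; a one-line comment above the case saying so would save the next reader from expecting this path to cover all container processes.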
-- 
1.9.0
