[lxc-devel] [PATCH 1/1] Catch seccomp violations by init

Stéphane Graber stgraber at ubuntu.com
Mon Feb 24 17:32:40 UTC 2014


On Mon, Feb 24, 2014 at 11:28:10AM -0600, Serge Hallyn wrote:
> Note that if a task other than init violates the seccomp policy,
> we cannot catch that.  Init will catch it and (if it feels like
> it) log it.
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  src/lxc/start.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index 2faad8e..f44be96 100644
> --- a/src/lxc/start.c
> +++ b/src/lxc/start.c
> @@ -1050,6 +1050,9 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
>  			DEBUG("Container rebooting");
>  			handler->conf->reboot = 1;
>  			break;
> +		case SIGSYS: /* seccomp */
> +			DEBUG("Container violated its seccomp policy");
> +			break;
>  		default:
>  			DEBUG("unknown exit status for init: %d", WTERMSIG(status));
>  			break;
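Review bot: In the new `case SIGSYS:` branch, the violation is reported with DEBUG(), so a seccomp kill of init stays invisible unless debug logging is enabled; a policy violation is a security-relevant event and deserves a higher-severity log level. The message also says "Container violated", while the commit message states that only init's violation can be caught here, so wording such as "Container init violated its seccomp policy" would be more accurate. Unlike the reboot branch just above, which sets `handler->conf->reboot = 1`, this branch records nothing for the caller, so the cause of death exists only in the log; consider whether the handler should expose it.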
> -- 
> 1.9.0

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com