[lxc-devel] [lxc/lxc] cd7554: seccomp: fix 32-bit rules

GitHub noreply at github.com
Fri Jun 20 20:34:08 UTC 2014


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: cd75548b25f39b4ee36dc20e70c8e1b379a287f8
      https://github.com/lxc/lxc/commit/cd75548b25f39b4ee36dc20e70c8e1b379a287f8
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-06-20 (Fri, 20 Jun 2014)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: fix 32-bit rules

When calling seccomp_rule_add(), you must pass the native syscall number
even if the context is a 32-bit context.  So use resolve_name rather
than resolve_name_arch.

Enhance the check of /proc/self/status for Seccomp: so that we do not
enable seccomp policies if seccomp is not built into the kernel.  This
is needed before we can enable by-default seccomp policies (which we
want to do next)

Fix wrong return value check from seccomp_arch_exist, and remove
needless abstraction in arch handling.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
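
The /proc/self/status check described in the log message can be sketched as below. This is an added example, not the code from this commit or from lxc; the function names and the sample status text are constructed for illustration. It relies on the kernel emitting a "Seccomp:" line only when it is built with CONFIG_SECCOMP (0 = disabled, 1 = strict, 2 = filter).

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs (not captured from a real host). */
static const char SAMPLE_WITH[] =
    "Name:\tlxc-start\nState:\tR (running)\nSeccomp:\t0\nSeccomp_filters:\t0\n";
static const char SAMPLE_WITHOUT[] =
    "Name:\tlxc-start\nState:\tR (running)\nCpus_allowed:\tff\n";

/* Hypothetical helper: scan /proc/<pid>/status text line by line.
 * Returns the seccomp mode (0, 1 or 2), or -1 when no "Seccomp:" line
 * exists, i.e. the kernel was built without seccomp support. */
int seccomp_mode_from_text(const char *text)
{
    const char *p = text;
    while (p && *p) {
        /* Match at line start only; "Seccomp_filters:" must not match. */
        if (strncmp(p, "Seccomp:", 8) == 0) {
            int mode;
            return sscanf(p + 8, "%d", &mode) == 1 ? mode : -1;
        }
        p = strchr(p, '\n');
        if (p)
            p++;                /* step to the start of the next line */
    }
    return -1;
}

/* Hypothetical policy decision: only attempt to load a seccomp policy
 * when the kernel reports the field at all. */
int should_load_policy(const char *status_text)
{
    return seccomp_mode_from_text(status_text) >= 0;
}

int main(void)
{
    char buf[8192];
    size_t n = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (f) {
        n = fread(buf, 1, sizeof buf - 1, f);
        fclose(f);
    }
    buf[n] = '\0';              /* empty buffer if /proc is unavailable */
    printf("this host: %s\n", should_load_policy(buf) ? "load policy" : "skip");
    printf("sample without field: %s\n",
           should_load_policy(SAMPLE_WITHOUT) ? "load policy" : "skip");
    return 0;
}
```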



