[lxc-devel] [lxc/lxc] cd7554: seccomp: fix 32-bit rules
GitHub
noreply at github.com
Fri Jun 20 20:34:08 UTC 2014
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: cd75548b25f39b4ee36dc20e70c8e1b379a287f8
https://github.com/lxc/lxc/commit/cd75548b25f39b4ee36dc20e70c8e1b379a287f8
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-06-20 (Fri, 20 Jun 2014)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
seccomp: fix 32-bit rules
When calling seccomp_rule_add(), you must pass the native syscall number
even if the context is a 32-bit context. So use resolve_name rather
than resolve_name_arch.
Enhance the check of /proc/self/status for Seccomp: so that we do not
enable seccomp policies if seccomp is not built into the kernel. This
is needed before we can enable by-default seccomp policies (which we
want to do next)
Fix wrong return value check from seccomp_arch_exist, and remove
needless abstraction in arch handling.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
More information about the lxc-devel
mailing list