[lxc-devel] [PATCH] Fix seccomp profile on attach of undefined container

Stéphane Graber stgraber at ubuntu.com
Thu Dec 10 23:58:58 UTC 2015


Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 src/lxc/attach.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 436ae7a..5192c25 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -661,6 +661,7 @@ static bool fetch_seccomp(const char *name, const char *lxcpath,
 		struct lxc_proc_context_info *i, lxc_attach_options_t *options)
 {
 	struct lxc_container *c;
+	char *path;
 
 	if (!(options->namespaces & CLONE_NEWNS) || !(options->attach_flags & LXC_ATTACH_LSM))
 		return true;
@@ -669,8 +670,24 @@ static bool fetch_seccomp(const char *name, const char *lxcpath,
 	if (!c)
 		return false;
 	i->container = c;
-	if (!c->lxc_conf)
+
+	/* Initialize an empty lxc_conf */
+	if (!c->set_config_item(c, "lxc.seccomp", "")) {
 		return false;
+	}
+
+	/* Fetch the current profile path over the cmd interface */
+	path = c->get_running_config_item(c, "lxc.seccomp");
+	if (!path) {
+		return false;
+	}
+
+	/* Copy the value into the new lxc_conf */
+	if (!c->set_config_item(c, "lxc.seccomp", path)) {
+		return false;
+	}
+
+	/* Attempt to parse the resulting config */
 	if (lxc_read_seccomp_config(c->lxc_conf) < 0) {
 		ERROR("Error reading seccomp policy");
 		return false;
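Review bot: In the second hunk the string stored in `path` by `c->get_running_config_item(c, "lxc.seccomp")` is never released, neither on the failure return of the second `set_config_item` call nor after it succeeds. The liblxc header appears to document that return value as caller-owned, so every attach would leak it; add `free(path);` inside the failure branch before `return false;` and again right after the successful `set_config_item(c, "lxc.seccomp", path)`. The three new `return false;` paths are also silent, unlike the existing `ERROR("Error reading seccomp policy");`, so a refused attach gives no hint which step failed; a one-line `ERROR(...)` on each would help. A NULL `path` also does not seem to distinguish "no profile configured" from a command-interface failure. Failing closed here is the safer default, but it deserves a comment stating that choice. The body of fetch_seccomp continues past the end of the hunk.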
-- 
1.9.1


