[lxc-devel] [lxc/master] seccomp: add support for s390x

brauner on Github lxc-bot at linuxcontainers.org
Fri Aug 19 10:35:41 UTC 2016


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 556 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160819/499f68bb/attachment.bin>
-------------- next part --------------
From be038e4948d4590c1fd2670112164b153a3de84f Mon Sep 17 00:00:00 2001
From: Christian Brauner <cbrauner at suse.de>
Date: Fri, 19 Aug 2016 11:57:14 +0200
Subject: [PATCH] seccomp: add support for s390x

Signed-off-by: Christian Brauner <cbrauner at suse.de>
---
 src/lxc/seccomp.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index ec77c45..28c4d62 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -131,6 +131,7 @@ enum lxc_hostarch_t {
 	lxc_seccomp_arch_mipsel,
 	lxc_seccomp_arch_mipsel64,
 	lxc_seccomp_arch_mipsel64n32,
+	lxc_seccomp_arch_s390x,
 	lxc_seccomp_arch_unknown = 999,
 };
 
@@ -167,6 +168,8 @@ int get_hostarch(void)
 		return MIPS_ARCH_N64;
 	else if (strncmp(uts.machine, "mips", 4) == 0)
 		return MIPS_ARCH_O32;
+	else if (strncmp(uts.machine, "s390x", 5) == 0)
+		return lxc_seccomp_arch_s390x;
 	return lxc_seccomp_arch_unknown;
 }
 
@@ -200,6 +203,9 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch, uint32_t default_policy_
 	case lxc_seccomp_arch_mipsel64: arch = SCMP_ARCH_MIPSEL64; break;
 	case lxc_seccomp_arch_mipsel64n32: arch = SCMP_ARCH_MIPSEL64N32; break;
 #endif
+#ifdef SCMP_ARCH_S390X
+	case lxc_seccomp_arch_s390x: arch = SCMP_ARCH_S390X; break;
+#endif
 	default: return NULL;
 	}
 
@@ -366,6 +372,15 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 		if (!compat_ctx[0] || !compat_ctx[1])
 			goto bad;
 #endif
+#ifdef SCMP_ARCH_S390X
+	} else if (native_arch == lxc_seccomp_arch_s390x) {
+		cur_rule_arch = lxc_seccomp_arch_all;
+		compat_arch[0] = SCMP_ARCH_S390X;
+		compat_ctx[0] = get_new_ctx(lxc_seccomp_arch_s390x,
+				default_policy_action);
+		if (!compat_ctx[0])
+			goto bad;
+#endif
 	}
 
 	if (default_policy_action != SCMP_ACT_KILL) {
@@ -508,6 +523,16 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 				cur_rule_arch = lxc_seccomp_arch_mipsel;
 			}
 #endif
+#ifdef SCMP_ARCH_S390X
+			else if (strcmp(line, "[s390x]") == 0 ||
+					strcmp(line, "[S390X]") == 0) {
+				if (native_arch != lxc_seccomp_arch_s390x) {
+					cur_rule_arch = lxc_seccomp_arch_unknown;
+					continue;
+				}
+				cur_rule_arch = lxc_seccomp_arch_s390x;
+			}
+#endif
 			else
 				goto bad_arch;
 


More information about the lxc-devel mailing list