[lxc-devel] [lxd/master] Fix seccomp profile
stgraber on Github
lxc-bot at linuxcontainers.org
Fri Nov 25 16:48:39 UTC 2016
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 412 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20161125/f37eb5f8/attachment.bin>
-------------- next part --------------
From c525050e54259eec47630b3fb7d10c440d86d61b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 25 Nov 2016 11:47:41 -0500
Subject: [PATCH] Fix seccomp profile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
LXC attempted to parse blank lines as syscall numbers.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/seccomp.go | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/lxd/seccomp.go b/lxd/seccomp.go
index f2f48d1..7e40330 100644
--- a/lxd/seccomp.go
+++ b/lxd/seccomp.go
@@ -9,12 +9,10 @@ import (
"github.com/lxc/lxd/shared"
)
-const SECCOMP_HEADER = `
-2
+const SECCOMP_HEADER = `2
`
-const DEFAULT_SECCOMP_POLICY = `
-reject_force_umount # comment this to allow umount -f; not recommended
+const DEFAULT_SECCOMP_POLICY = `reject_force_umount # comment this to allow umount -f; not recommended
[all]
kexec_load errno 38
open_by_handle_at errno 38
@@ -22,8 +20,7 @@ init_module errno 38
finit_module errno 38
delete_module errno 38
`
-const COMPAT_BLOCKING_POLICY = `
-[%s]
+const COMPAT_BLOCKING_POLICY = `[%s]
compat_sys_rt_sigaction errno 38
stub_x32_rt_sigreturn errno 38
compat_sys_ioctl errno 38
More information about the lxc-devel
mailing list