[lxc-devel] [lxd/master] Fix seccomp profile

[stgraber on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 412 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20161125/f37eb5f8/attachment.bin>
-------------- next part --------------
From c525050e54259eec47630b3fb7d10c440d86d61b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 25 Nov 2016 11:47:41 -0500
Subject: [PATCH] Fix seccomp profile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

LXC attempted to parse blank lines as syscall numbers.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/seccomp.go | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/lxd/seccomp.go b/lxd/seccomp.go
index f2f48d1..7e40330 100644
--- a/lxd/seccomp.go
+++ b/lxd/seccomp.go
@@ -9,12 +9,10 @@ import (
 	"github.com/lxc/lxd/shared"
 )
 
-const SECCOMP_HEADER = `
-2
+const SECCOMP_HEADER = `2
 `
 
-const DEFAULT_SECCOMP_POLICY = `
-reject_force_umount  # comment this to allow umount -f;  not recommended
+const DEFAULT_SECCOMP_POLICY = `reject_force_umount  # comment this to allow umount -f;  not recommended
 [all]
 kexec_load errno 38
 open_by_handle_at errno 38
@@ -22,8 +20,7 @@ init_module errno 38
 finit_module errno 38
 delete_module errno 38
 `
-const COMPAT_BLOCKING_POLICY = `
-[%s]
+const COMPAT_BLOCKING_POLICY = `[%s]
 compat_sys_rt_sigaction errno 38
 stub_x32_rt_sigreturn errno 38
 compat_sys_ioctl errno 38