[lxc-devel] [lxc/lxc] 127c52: seccomp: set SCMP_FLTATR_ATL_TSKIP if available
GitHub
noreply at github.com
Mon Mar 6 21:43:08 UTC 2017
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 127c52930b23768329815ac591d4e87f8b58df2c
https://github.com/lxc/lxc/commit/127c52930b23768329815ac591d4e87f8b58df2c
Author: Serge Hallyn <serge at hallyn.com>
Date: 2017-03-06 (Mon, 06 Mar 2017)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
seccomp: set SCMP_FLTATR_ATL_TSKIP if available

Newer libseccomp has a flag called SCMP_FLTATR_ATL_TSKIP which
allows syscall '-1' (nop) to be executed. Without that flag,
debuggers cannot skip system calls inside containers. For reference,
see the seccomp(2) manpage, which says:

    The tracer can skip the system call by changing the system call number to -1.

and see the seccomp issue #80

Signed-off-by: Serge Hallyn <serge at hallyn.com>
Commit: 7c583068cec23911de4b1edbbc4e1e3f41f44155
https://github.com/lxc/lxc/commit/7c583068cec23911de4b1edbbc4e1e3f41f44155
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2017-03-06 (Mon, 06 Mar 2017)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
Merge pull request #1453 from hallyn/2017-03-06/seccomp

seccomp: set SCMP_FLTATR_ATL_TSKIP if available
Compare: https://github.com/lxc/lxc/compare/81e4574cc2b6...7c583068cec2