[lxc-devel] [lxd/master] seccomp: Fix security.syscalls.blacklist handling

stgraber on Github lxc-bot at linuxcontainers.org
Wed Oct 18 04:22:32 UTC 2017


From 5b33b998a8894611ec24fab72f5f7c64d27ebffe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 18 Oct 2017 00:17:30 -0400
Subject: [PATCH] seccomp: Fix security.syscalls.blacklist handling
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/seccomp.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lxd/seccomp.go b/lxd/seccomp.go
index 1c9bb4c70..391d8b109 100644
--- a/lxd/seccomp.go
+++ b/lxd/seccomp.go
@@ -129,6 +129,11 @@ func getSeccompProfileContent(c container) (string, error) {
 		policy += fmt.Sprintf(COMPAT_BLOCKING_POLICY, arch)
 	}
 
+	blacklist := config["security.syscalls.blacklist"]
+	if blacklist != "" {
+		policy += blacklist
+	}
+
 	return policy, nil
 }
 
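Review bot: `policy += blacklist` appends the raw config value with no newline handling, so the result depends on the preceding text (for example the `COMPAT_BLOCKING_POLICY` block) ending in a newline and on the user's value ending in one. If either is missing, the first or last blacklist entry can fuse with a neighbouring line of the generated profile and the rule is lost or the profile fails to parse. Consider normalising before appending, e.g. `policy += strings.TrimSpace(blacklist) + "\n"`, and making sure `policy` ends in `"\n"` at that point. The visible lines also append the blacklist unconditionally; if an earlier branch of `getSeccompProfileContent` can put the profile in whitelist mode, these entries would be read with the opposite meaning, so it is worth stating in a comment (or guarding) which mode is expected here. The commit message has no body: one sentence on what was broken (the key appears to have been ignored when building the profile) plus a test that sets `security.syscalls.blacklist` and checks the generated content would make the fix easier to verify.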

