[lxc-devel] [lxd/master] seccomp: Fix security.syscalls.blacklist handling
stgraber on Github
lxc-bot at linuxcontainers.org
Wed Oct 18 04:22:32 UTC 2017
From 5b33b998a8894611ec24fab72f5f7c64d27ebffe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 18 Oct 2017 00:17:30 -0400
Subject: [PATCH] seccomp: Fix security.syscalls.blacklist handling
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/seccomp.go | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lxd/seccomp.go b/lxd/seccomp.go
index 1c9bb4c70..391d8b109 100644
--- a/lxd/seccomp.go
+++ b/lxd/seccomp.go
@@ -129,6 +129,11 @@ func getSeccompProfileContent(c container) (string, error) {
policy += fmt.Sprintf(COMPAT_BLOCKING_POLICY, arch)
}
+ blacklist := config["security.syscalls.blacklist"]
+ if blacklist != "" {
+ policy += blacklist
+ }
+
return policy, nil
}
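Review bot: at `policy += blacklist` the value of `security.syscalls.blacklist` is appended to the generated profile verbatim, so the output is only well-formed if the preceding fragment already ends in a newline and the config value itself consists of valid policy lines. Consider trimming the value and appending it with an explicit trailing newline, and validating the entries when the key is set so that a malformed value is rejected early instead of surfacing when the profile is loaded. The commit message has no body; a sentence stating what was broken before this change, plus a test that checks a non-empty blacklist ends up in the output of getSeccompProfileContent, would make the fix easier to verify, since the diffstat shows only lxd/seccomp.go being touched.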