[lxc-devel] [lxc/lxc] b5ed02: seccomp: handle arch inversion
GitHub
noreply at github.com
Fri Apr 13 15:29:20 UTC 2018
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: b5ed021bbc47efe77732b38b5946116be94367e1
https://github.com/lxc/lxc/commit/b5ed021bbc47efe77732b38b5946116be94367e1
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-04-13 (Fri, 13 Apr 2018)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
seccomp: handle arch inversion

This commit deals with different kernel and userspace layouts and nesting. Here
are three examples:
1. 64bit kernel and 64bit userspace running 32bit containers
2. 64bit kernel and 32bit userspace running 64bit containers
3. 64bit kernel and 64bit userspace running 32bit containers running 64bit containers

Two things to look out for:
1. The compat arch that is detected might have already been present in the main
   context. So check that it actually hasn't been and only then add it.
2. The contexts don't need merging if the architectures are the same and also can't be.

With these changes I can run all crazy/weird combinations with proper seccomp
isolation.

Closes #654.
Link: https://bugs.chromium.org/p/chromium/issues/detail?id=832366
Reported-by: Chirantan Ekbote <chirantan at chromium.org>
Reported-by: Sonny Rao <sonnyrao at chromium.org>
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 2c80e9cf156f8b9d0d1ef46705f9418e09d2d89f
https://github.com/lxc/lxc/commit/2c80e9cf156f8b9d0d1ef46705f9418e09d2d89f
Author: Serge Hallyn <serge at hallyn.com>
Date: 2018-04-13 (Fri, 13 Apr 2018)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
Merge pull request #2274 from brauner/2018-04-13/fix_seccomp_with_personality_and_64bit_kernel_32_bit_userspace
seccomp: handle arch inversion
Compare: https://github.com/lxc/lxc/compare/bf5afb017428...2c80e9cf156f
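
The two rules from the commit message, sketched as a small self-contained C model. This is an added example, not LXC's code, and it does not call libseccomp: struct ctx, ctx_has, ctx_arch_add, ctx_merge and attach_compat are hypothetical names, and the -EEXIST results mirror what libseccomp documents for seccomp_arch_add() and seccomp_merge().

```c
#include <errno.h>
#include <stdint.h>

/* Values of AUDIT_ARCH_X86_64 / AUDIT_ARCH_I386, the tokens seccomp matches on. */
#define ARCH_X86_64 0xC000003Eu
#define ARCH_I386   0x40000003u
#define MAX_ARCH 4

/* Hypothetical stand-in for a filter context: the set of arch tokens it covers. */
struct ctx { uint32_t arch[MAX_ARCH]; int n; };

int ctx_has(const struct ctx *c, uint32_t a)
{
    for (int i = 0; i < c->n; i++)
        if (c->arch[i] == a) return 1;
    return 0;
}

/* Adding an arch that is already present fails with -EEXIST. */
int ctx_arch_add(struct ctx *c, uint32_t a)
{
    if (ctx_has(c, a))
        return -EEXIST;
    if (c->n == MAX_ARCH)
        return -ENOMEM;
    c->arch[c->n++] = a;
    return 0;
}

/* Merging needs disjoint arch sets; on overlap dst is left untouched. */
int ctx_merge(struct ctx *dst, const struct ctx *src)
{
    for (int i = 0; i < src->n; i++)
        if (ctx_has(dst, src->arch[i]))
            return -EEXIST;
    for (int i = 0; i < src->n; i++)
        if (ctx_arch_add(dst, src->arch[i]) < 0)
            return -ENOMEM;
    return 0;
}

/* Both rules: returns 1 if the compat arch was merged, 0 if skipped, <0 on error. */
int attach_compat(struct ctx *main_ctx, uint32_t compat)
{
    struct ctx compat_ctx = { .arch = { compat }, .n = 1 };
    if (ctx_has(main_ctx, compat))
        return 0; /* same arch: nothing to merge, and a merge would fail */
    int ret = ctx_merge(main_ctx, &compat_ctx);
    return ret < 0 ? ret : 1;
}
```

In the constructed case where the main context already holds the i386 token, attach_compat() skips the merge, whereas an unguarded ctx_merge() returns -EEXIST.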