[lxc-devel] [lxc/lxc] d648e1: seccomp: cleanup compat architecture handling
GitHub
noreply at github.com
Wed Apr 18 16:35:13 UTC 2018
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: d648e178f1b3fa9f261b890157d2ee6e9e5e14fa
https://github.com/lxc/lxc/commit/d648e178f1b3fa9f261b890157d2ee6e9e5e14fa
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-04-15 (Sun, 15 Apr 2018)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
seccomp: cleanup compat architecture handling
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 94d56054143a8634852989819acee06bf4aaf9f9
https://github.com/lxc/lxc/commit/94d56054143a8634852989819acee06bf4aaf9f9
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-04-15 (Sun, 15 Apr 2018)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
seccomp: improve logging
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 4160ef02e5bbabbf4f3d0ab002aa8afba4f680a1
https://github.com/lxc/lxc/commit/4160ef02e5bbabbf4f3d0ab002aa8afba4f680a1
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-04-15 (Sun, 15 Apr 2018)
Changed paths:
M doc/lxc-execute.sgml.in
M src/lxc/tools/lxc_execute.c
Log Message:
-----------
tools: document -d/--daemonize for lxc-execute
Closes #2280.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 7e84441ec3f973609bc2462528d55888ab1a084f
https://github.com/lxc/lxc/commit/7e84441ec3f973609bc2462528d55888ab1a084f
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-04-18 (Wed, 18 Apr 2018)
Changed paths:
M src/lxc/seccomp.c
M src/tests/api_reboot.c
Log Message:
-----------
seccomp: non-functional changes
Rename "compat_ctx" to "contexts" and "compat_arch" to "architectures".
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: eca6736eb019f33a6243fc20a61c658da0662827
https://github.com/lxc/lxc/commit/eca6736eb019f33a6243fc20a61c658da0662827
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-04-18 (Wed, 18 Apr 2018)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
seccomp: handle arch inversion II
LXC generates and loads the seccomp-bpf filter in the host/container which
spawn the new container. In other words, userspace N is responsible for
generating and loading the seccomp-bpf filter which restricts userspace N + 1.
Assume 64bit kernel and 32bit userspace running a 64bit container. In this case
the 32-bit x86 userspace is used to create a seccomp-bpf filter for a 64-bit
userspace. Unless one explicitly adds the 64-bit ABI to the libseccomp filter,
or adjusts the default behavior for "BAD_ARCH", *all* 64-bit x86 syscalls will
be blocked.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Suggested-by: Paul Moore <paul at paul-moore.com>
Commit: a5fb69a3f14b49cceb509504a9a3dc3d5389409a
https://github.com/lxc/lxc/commit/a5fb69a3f14b49cceb509504a9a3dc3d5389409a
Author: Serge Hallyn <serge at hallyn.com>
Date: 2018-04-18 (Wed, 18 Apr 2018)
Changed paths:
M doc/lxc-execute.sgml.in
M src/lxc/seccomp.c
M src/lxc/tools/lxc_execute.c
M src/tests/api_reboot.c
Log Message:
-----------
Merge pull request #2281 from brauner/2018-04-15/seccomp_fixes
seccomp: handle arch inversion - The Architecture Strikes Back
Compare: https://github.com/lxc/lxc/compare/a55e2ad107f0...a5fb69a3f14b
More information about the lxc-devel
mailing list