[lxc-devel] [lxc/master] seccomp: support s390 seccomp

[xinhua9569 on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 350 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20191216/7b449732/attachment.bin>
-------------- next part --------------
From 3c3fab000452bd2d4c65f4efc3f40cbf57ff4563 Mon Sep 17 00:00:00 2001
From: dongxinhua <dongxinhua at huawei.com>
Date: Tue, 17 Dec 2019 09:10:04 +0800
Subject: [PATCH] seccomp: support s390 seccomp

Signed-off-by: dongxinhua <dongxinhua at huawei.com>
---
 src/lxc/seccomp.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 00d533e0f9..8924470059 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -339,6 +339,7 @@ enum lxc_hostarch_t {
 	lxc_seccomp_arch_mipsel64,
 	lxc_seccomp_arch_mipsel64n32,
 	lxc_seccomp_arch_s390x,
+	lxc_seccomp_arch_s390,
 	lxc_seccomp_arch_unknown = 999,
 };
 
@@ -371,7 +372,8 @@ int get_hostarch(void)
 		return MIPS_ARCH_O32;
 	else if (strncmp(uts.machine, "s390x", 5) == 0)
 		return lxc_seccomp_arch_s390x;
-
+	else if (strncmp(uts.machine, "s390", 4) == 0)
+		return lxc_seccomp_arch_s390;
 	return lxc_seccomp_arch_unknown;
 }
 
@@ -439,6 +441,11 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch,
 	case lxc_seccomp_arch_s390x:
 		arch = SCMP_ARCH_S390X;
 		break;
+#endif
+#ifdef SCMP_ARCH_S390
+	case lxc_seccomp_arch_s390:
+		arch = SCMP_ARCH_S390;
+		break;
 #endif
 	default:
 		return NULL;
@@ -938,6 +945,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
 
 				cur_rule_arch = lxc_seccomp_arch_s390x;
 			}
+#endif
+#ifdef SCMP_ARCH_S390
+			else if (strcmp(line, "[s390]") == 0 ||
+				strcmp(line, "[S390]") == 0) {
+				if (native_arch != lxc_seccomp_arch_s390) {
+					cur_rule_arch = lxc_seccomp_arch_unknown;
+					continue;
+				}
+
+				cur_rule_arch = lxc_seccomp_arch_s390;
+			}
 #endif
 			else {
 				goto bad_arch;