[lxc-devel] [lxc/lxc] f1bcfc: seccomp: add rules for specified architecture only
GitHub
noreply at github.com
Mon Jan 21 11:18:27 UTC 2019
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: f1bcfc796e0a4a04b36284f6261afff59123b1aa
https://github.com/lxc/lxc/commit/f1bcfc796e0a4a04b36284f6261afff59123b1aa
Author: LiFeng <lifeng68 at huawei.com>
Date: 2019-01-21 (Mon, 21 Jan 2019)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
seccomp: add rules for specified architecture only
If the architecture is specified in the seccomp configuration, like:
```
2
whitelist errno 1
[x86_64]
accept allow
accept4 allow
```
We shoud add rules only for amd64 instead of add rules for
x32/i386/amd64.
1. If the [arch] was not specified in seccomp config, add seccomp rules
for all all compat architectures.
2. If the [arch] specified in seccomp config irrelevant to native host
arch, the rules will be ignored.
3. If specified [all] in seccomp config, add seccomp rules for all
compat architectures.
4. If specified [arch] as same as native host arch, add seccomp rules
for the native host arch.
5. If specified [arch] was not native host arch, but compat to host
arch, add seccomp rules for the specified arch only, NOT add seccomp
rules for native arch.
Signed-off-by: LiFeng <lifeng68 at huawei.com>
Commit: b6825c4b7bd3d99a1a7a9c6943e024cde4d20fd0
https://github.com/lxc/lxc/commit/b6825c4b7bd3d99a1a7a9c6943e024cde4d20fd0
Author: Christian Brauner <christian at brauner.io>
Date: 2019-01-21 (Mon, 21 Jan 2019)
Changed paths:
M src/lxc/seccomp.c
Log Message:
-----------
Merge pull request #2786 from lifeng68/fix_seccomp
seccomp: add rules for specified architecture only
Compare: https://github.com/lxc/lxc/compare/0a0e05aacfd6...b6825c4b7bd3
**NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the lxc-devel
mailing list