[lxc-devel] [lxc/lxc] f1bcfc: seccomp: add rules for specified architecture only

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: f1bcfc796e0a4a04b36284f6261afff59123b1aa
      https://github.com/lxc/lxc/commit/f1bcfc796e0a4a04b36284f6261afff59123b1aa
  Author: LiFeng <lifeng68 at huawei.com>
  Date:   2019-01-21 (Mon, 21 Jan 2019)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: add rules for specified architecture only

If the architecture is specified in the seccomp configuration, like:
```
2
whitelist errno 1
[x86_64]
accept allow
accept4 allow
```
We shoud add rules only for amd64 instead of add rules for
x32/i386/amd64.

1. If the [arch] was not specified in seccomp config, add seccomp rules
for all all compat architectures.
2. If the [arch] specified in seccomp config irrelevant to native host
arch, the rules will be ignored.
3. If specified [all] in seccomp config, add seccomp rules for all
compat architectures.
4. If specified [arch] as same as native host arch, add seccomp rules
for the native host arch.
5. If specified [arch] was not native host arch, but compat to host
arch, add seccomp rules for the specified arch only, NOT add seccomp
rules for native arch.

Signed-off-by: LiFeng <lifeng68 at huawei.com>


  Commit: b6825c4b7bd3d99a1a7a9c6943e024cde4d20fd0
      https://github.com/lxc/lxc/commit/b6825c4b7bd3d99a1a7a9c6943e024cde4d20fd0
  Author: Christian Brauner <christian at brauner.io>
  Date:   2019-01-21 (Mon, 21 Jan 2019)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  Merge pull request #2786 from lifeng68/fix_seccomp

seccomp: add rules for specified architecture only


Compare: https://github.com/lxc/lxc/compare/0a0e05aacfd6...b6825c4b7bd3
      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.