[lxc-devel] [lxd/master] lxd/seccomp: Fix broken setxattr
stgraber on Github
lxc-bot at linuxcontainers.org
Mon Jul 22 22:00:09 UTC 2019
From dfdce693c584bff9ab78bdfda0724bd48ffdbbf6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 22 Jul 2019 17:59:46 -0400
Subject: [PATCH] lxd/seccomp: Fix broken setxattr
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/main_forksyscall.go | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/lxd/main_forksyscall.go b/lxd/main_forksyscall.go
index 1f03cc1294..0e352d234c 100644
--- a/lxd/main_forksyscall.go
+++ b/lxd/main_forksyscall.go
@@ -283,6 +283,13 @@ static void forksetxattr()
_exit(EXIT_FAILURE);
}
+ snprintf(path, sizeof(path), "/proc/%d/cwd", pid);
+ cwd_fd = open(path, O_PATH | O_RDONLY | O_CLOEXEC);
+ if (cwd_fd < 0) {
+ fprintf(stderr, "%d", ENOANO);
+ _exit(EXIT_FAILURE);
+ }
+
if (setns(mnt_fd, CLONE_NEWNS)) {
fprintf(stderr, "%d", ENOANO);
_exit(EXIT_FAILURE);
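Review bot: the new `if (cwd_fd < 0)` branch writes the fixed value ENOANO to stderr, the same code the `setns(mnt_fd, CLONE_NEWNS)` failure right below it reports, so the caller cannot tell a failed open of `/proc/%d/cwd` from a failed namespace switch. Reporting `errno` from the open() (or a distinct code) would make a broken setxattr emulation easier to diagnose. Two smaller points on the same lines: `O_RDONLY` adds nothing next to `O_PATH`, while `O_DIRECTORY` would assert that the target really is a directory; and the `snprintf()` return value is not checked against `sizeof(path)`. The diffstat shows only these 7 insertions, so the declaration and the consumer of `cwd_fd` are outside this patch. A one-line comment saying that the descriptor is deliberately opened before the `setns()` call would keep a later refactor from reordering the two.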