[lxc-devel] [lxd/master] seccomp: Fix building and overlayfs whiteout

stgraber on Github lxc-bot at linuxcontainers.org
Wed Jun 12 14:26:35 UTC 2019


From 33be42ff31d80f0a2cfd58bac69c55ca53f0a480 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 10 Jun 2019 19:06:11 -0400
Subject: [PATCH 1/2] lxd/seccomp: Allow overlayfs whiteout
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/seccomp.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lxd/seccomp.go b/lxd/seccomp.go
index 9f024b3fb4..dbcf057256 100644
--- a/lxd/seccomp.go
+++ b/lxd/seccomp.go
@@ -58,6 +58,9 @@ struct seccomp_notify_proxy_msg {
 
 static int device_allowed(dev_t dev, mode_t mode)
 {
+	if ((dev == makedev(0, 0)) && (mode & S_IFCHR)) // whiteout
+		return 0;
+
 	if ((dev == makedev(5, 1)) && (mode & S_IFCHR)) // /dev/console
 		return 0;
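Review bot: The added whiteout check tests the file type with `mode & S_IFCHR`, but S_IFCHR is one bit inside the multi-bit S_IFMT field, so the test is also true for S_IFBLK (and S_IFLNK), which share that bit; the allowlist therefore admits a 0:0 block device as well as the 0:0 character whiteout that overlayfs needs. The existing /dev/console line below uses the same pattern, so the new line copies a pre-existing imprecision rather than introducing it, but since this function is the gate for which device nodes a container may create the test should compare the whole field: `if ((dev == makedev(0, 0)) && S_ISCHR(mode)) // whiteout`. A short comment explaining why 0:0 is admitted would help future readers, e.g. `/* overlayfs marks deleted entries with a 0:0 character device (whiteout) */`. device_allowed's body continues beyond the hunk, so any later catch-all return is not visible here.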
 

From e298571b3488e654fcd368a9014bef9270201b00 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 12 Jun 2019 10:25:05 -0400
Subject: [PATCH 2/2] lxd/seccomp: Fix building on older kernels
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/seccomp.go | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/lxd/seccomp.go b/lxd/seccomp.go
index dbcf057256..0c735626f7 100644
--- a/lxd/seccomp.go
+++ b/lxd/seccomp.go
@@ -42,6 +42,30 @@ import (
 #include <sys/types.h>
 #include <unistd.h>
 
+#ifndef SECCOMP_RET_USER_NOTIF
+#define SECCOMP_RET_USER_NOTIF 0x7fc00000U
+
+struct seccomp_notif_sizes {
+ __u16 seccomp_notif;
+ __u16 seccomp_notif_resp;
+ __u16 seccomp_data;
+};
+
+struct seccomp_notif {
+ __u64 id;
+ __u32 pid;
+ __u32 flags;
+ struct seccomp_data data;
+};
+
+struct seccomp_notif_resp {
+ __u64 id;
+ __s64 val;
+ __s32 error;
+ __u32 flags;
+}
+#endif
+
 struct seccomp_notify_proxy_msg {
 	uint32_t version;
 #ifdef SECCOMP_RET_USER_NOTIF
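Review bot: The fallback `struct seccomp_notif_resp` at the end of the new `#ifndef` block closes with `}` and no semicolon, unlike the two structs above it, so on exactly the older kernels this patch targets the preprocessor output reads `} struct seccomp_notify_proxy_msg {`, which is a syntax error; the line should be `};`. The fallback also relies on `__u16`/`__u32`/`__u64`/`__s64` and on `struct seccomp_data` being available from whatever headers precede this hunk, which is plausible for `<linux/seccomp.h>` but not visible here, so it is worth confirming the build on a pre-5.0 header set. Because the `#define` makes the `#ifdef SECCOMP_RET_USER_NOTIF` on the last line always true, a comment such as `/* Provide the user-notification ABI for headers that predate it; the layouts mirror the kernel definitions. */` above the block would document that the kernel struct layouts are being mirrored locally and must be kept in sync. The one-space member indentation in the new structs differs from the tab indentation used by the existing struct below.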

