[lxc-devel] [lxd/master] lxd/seccomp: Minimal seccomp server

stgraber on Github lxc-bot at linuxcontainers.org
Tue May 7 19:10:15 UTC 2019


From f7db4bf41dfa03ee00a20407267d11cf63d508d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Tue, 7 May 2019 15:09:49 -0400
Subject: [PATCH] lxd/containers: Don't fail on old libseccomp
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/container_lxc.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 249a33d382..508a8db697 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -1812,10 +1812,10 @@ func (c *containerLXC) initLXC(config bool) error {
 	}
 
 	if !c.IsPrivileged() && !c.state.OS.RunningInUserNS && lxc.HasApiExtension("seccomp_notify") && c.DaemonState().OS.SeccompListener {
-		err = lxcSetConfigItem(cc, "lxc.seccomp.notify.proxy", fmt.Sprintf("unix:%s", shared.VarPath("seccomp.socket")))
-		if err != nil {
-			return err
-		}
+		// NOTE: Don't fail in cases where liblxc is recent enough but libseccomp isn't
+		//       when we add mount() support with user-configurable
+		//       options, we will want a hard fail if the user configured it
+		lxcSetConfigItem(cc, "lxc.seccomp.notify.proxy", fmt.Sprintf("unix:%s", shared.VarPath("seccomp.socket")))
 	}
 
 	// Apply raw.lxc
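Review bot: The new call to `lxcSetConfigItem` for `lxc.seccomp.notify.proxy` discards its return value, so every failure is swallowed, not only the old-libseccomp case the comment describes. A container that passed all four conditions on the `if` line will then start without the notify proxy and nothing records that, which makes a missing syscall-interception path hard to spot afterwards. Keep the soft-fail but make it visible: assign `err = lxcSetConfigItem(cc, "lxc.seccomp.notify.proxy", ...)` and, under `if err != nil {`, emit a warning through the file's existing logger that includes the container name and `err`. If liblxc returns a distinguishable error for the unsupported-libseccomp case, only that one should be tolerated and the rest should still `return err`. The body of `initLXC` continues outside this hunk, so whether anything later depends on the proxy being set cannot be checked from here.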

