[lxc-devel] [go-lxc/v2] container: add SeccompNotifyFdActive()

brauner on Github lxc-bot at linuxcontainers.org
Thu Aug 6 12:55:41 UTC 2020


From 95c6c822360cf111ac4ebc2920eec57466dda42f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 6 Aug 2020 14:54:54 +0200
Subject: [PATCH] container: add SeccompNotifyFdActive()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 container.go  | 15 ++++++++++++++-
 lxc-binding.c |  8 ++++++++
 lxc-binding.h |  1 +
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/container.go b/container.go
index 2d13993..eb8a415 100644
--- a/container.go
+++ b/container.go
@@ -338,6 +338,19 @@ func (c *Container) SeccompNotifyFd() (*os.File, error) {
 	return os.NewFile(uintptr(notifyFd), "seccomp notify"), nil
 }
 
+// SeccompNotifyFdActive returns the seccomp notify fd of the running container.
+func (c *Container) SeccompNotifyFdActive() (*os.File, error) {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+
+	notifyFd := int(C.go_lxc_seccomp_notify_fd_active(c.container))
+	if notifyFd < 0 {
+		return nil, unix.Errno(unix.EBADF)
+	}
+
+	return os.NewFile(uintptr(notifyFd), "seccomp notify"), nil
+}
+
 // Daemonize returns true if the container wished to be daemonized.
 func (c *Container) Daemonize() bool {
 	c.mu.RLock()
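Review bot: The `notifyFd < 0` branch in the new SeccompNotifyFdActive throws away the failure reason and always reports EBADF, so a caller cannot distinguish an old liblxc (the binding's `ret_errno(ENOSYS)` path in lxc-binding.c returns -ENOSYS) from a running container that has no notify fd. Since the C wrapper already encodes the errno in the negative return, `return nil, unix.Errno(-notifyFd)` preserves it, assuming liblxc's own seccomp_notify_fd_active follows the same -errno convention, which is not visible here. Separately, os.NewFile attaches a finalizer that closes the descriptor when the *os.File is garbage-collected; if liblxc hands back its own descriptor rather than a dup, that would close the notifier under the running container, so the doc comment should say who owns the fd, e.g. `// The returned *os.File owns the descriptor; confirm liblxc dup()s it rather than exposing its own.` The surrounding SeccompNotifyFd and Daemonize both continue outside the hunk and are not part of the change.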
@@ -2019,4 +2032,4 @@ func buildBdevSpecs(o *BackendStoreSpecs) *C.struct_bdev_specs {
 	}
 
 	return &specs
-}
\ No newline at end of file
+}
diff --git a/lxc-binding.c b/lxc-binding.c
index cdba32b..7dcf55d 100644
--- a/lxc-binding.c
+++ b/lxc-binding.c
@@ -67,6 +67,14 @@ int go_lxc_seccomp_notify_fd(struct lxc_container *c) {
 #endif
 }
 
+int go_lxc_seccomp_notify_fd_active(struct lxc_container *c) {
+#if VERSION_AT_LEAST(4, 0, 5)
+	return c->seccomp_notify_fd_active(c);
+#else
+	return ret_errno(ENOSYS);
+#endif
+}
+
 int go_lxc_devpts_fd(struct lxc_container *c) {
 #if VERSION_AT_LEAST(4, 0, 5)
 	return c->devpts_fd(c);
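Review bot: The new go_lxc_seccomp_notify_fd_active dereferences c unconditionally, so a NULL handle from the Go side crashes the process instead of surfacing as an error, whereas the `#else` branch already reports failure cleanly via `ret_errno(ENOSYS)`. A guard such as `if (!c) return ret_errno(EINVAL);` before the call keeps both paths on the -errno convention the Go caller can decode. This mirrors the existing go_lxc_devpts_fd below, so it is a pre-existing pattern; whether the Go Container ever passes a nil container pointer is not visible here.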
diff --git a/lxc-binding.h b/lxc-binding.h
index 7369c5c..a3e616b 100644
--- a/lxc-binding.h
+++ b/lxc-binding.h
@@ -83,6 +83,7 @@ extern pid_t go_lxc_init_pid(struct lxc_container *c);
 extern int go_lxc_init_pidfd(struct lxc_container *c);
 extern int go_lxc_devpts_fd(struct lxc_container *c);
 extern int go_lxc_seccomp_notify_fd(struct lxc_container *c);
+extern int go_lxc_seccomp_notify_fd_active(struct lxc_container *c);
 extern bool go_lxc_checkpoint(struct lxc_container *c, char *directory, bool stop, bool verbose);
 extern bool go_lxc_restore(struct lxc_container *c, char *directory, bool verbose);
 extern bool go_lxc_config_item_is_supported(const char *key);

