[lxc-devel] [go-lxc/v2] container: add InitPidFd(), SeccompNotifyFd() api extensions

[brauner on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 366 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200512/52df311b/attachment.bin>
-------------- next part --------------
From 97e5f4b8182e9f2987b2bc055c433f3e3c74d04a Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 12 May 2020 17:41:26 +0200
Subject: [PATCH 1/2] container: add InitPidFd() api extension

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 container.go  | 9 +++++++++
 lxc-binding.c | 4 ++++
 lxc-binding.h | 1 +
 3 files changed, 14 insertions(+)

diff --git a/container.go b/container.go
index 5cada46..2366c3a 100644
--- a/container.go
+++ b/container.go
@@ -297,6 +297,15 @@ func (c *Container) InitPid() int {
 	return int(C.go_lxc_init_pid(c.container))
 }
 
+// InitPidFd returns the pidfd of the container's init process as
+// seen from outside the container.
+func (c *Container) InitPidFd() int {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+
+	return int(C.go_lxc_init_pidfd(c.container))
+}
+
 // Daemonize returns true if the container wished to be daemonized.
 func (c *Container) Daemonize() bool {
 	c.mu.RLock()
diff --git a/lxc-binding.c b/lxc-binding.c
index 51d6a9a..7f3aad3 100644
--- a/lxc-binding.c
+++ b/lxc-binding.c
@@ -44,6 +44,10 @@ pid_t go_lxc_init_pid(struct lxc_container *c) {
 	return c->init_pid(c);
 }
 
+int go_lxc_init_pidfd(struct lxc_container *c) {
+	return c->init_pidfd(c);
+}
+
 bool go_lxc_want_daemonize(struct lxc_container *c, bool state) {
 	return c->want_daemonize(c, state);
 }
diff --git a/lxc-binding.h b/lxc-binding.h
index da2cb96..9ae9e8d 100644
--- a/lxc-binding.h
+++ b/lxc-binding.h
@@ -80,6 +80,7 @@ extern int go_lxc_console_getfd(struct lxc_container *c, int ttynum);
 extern int go_lxc_snapshot_list(struct lxc_container *c, struct lxc_snapshot **ret);
 extern int go_lxc_snapshot(struct lxc_container *c);
 extern pid_t go_lxc_init_pid(struct lxc_container *c);
+extern int go_lxc_init_pidfd(struct lxc_container *c);
 extern bool go_lxc_checkpoint(struct lxc_container *c, char *directory, bool stop, bool verbose);
 extern bool go_lxc_restore(struct lxc_container *c, char *directory, bool verbose);
 extern bool go_lxc_config_item_is_supported(const char *key);

From 648ab00cb4d7063d12120591d559aff51b5cdabf Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 12 May 2020 17:43:49 +0200
Subject: [PATCH 2/2] container: add SeccompNotifyFd() api extension

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 container.go  | 8 ++++++++
 lxc-binding.c | 4 ++++
 lxc-binding.h | 1 +
 3 files changed, 13 insertions(+)

diff --git a/container.go b/container.go
index 2366c3a..17c08fb 100644
--- a/container.go
+++ b/container.go
@@ -306,6 +306,14 @@ func (c *Container) InitPidFd() int {
 	return int(C.go_lxc_init_pidfd(c.container))
 }
 
+// SeccompNotifyFd returns the seccomp notify fd of the container.
+func (c *Container) SeccompNotifyFd() int {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+
+	return int(C.go_lxc_seccomp_notify_fd(c.container))
+}
+
 // Daemonize returns true if the container wished to be daemonized.
 func (c *Container) Daemonize() bool {
 	c.mu.RLock()
diff --git a/lxc-binding.c b/lxc-binding.c
index 7f3aad3..261dbef 100644
--- a/lxc-binding.c
+++ b/lxc-binding.c
@@ -48,6 +48,10 @@ int go_lxc_init_pidfd(struct lxc_container *c) {
 	return c->init_pidfd(c);
 }
 
+int go_lxc_seccomp_notify_fd(struct lxc_container *c) {
+	return c->seccomp_notify_fd(c);
+}
+
 bool go_lxc_want_daemonize(struct lxc_container *c, bool state) {
 	return c->want_daemonize(c, state);
 }
diff --git a/lxc-binding.h b/lxc-binding.h
index 9ae9e8d..b52e2cd 100644
--- a/lxc-binding.h
+++ b/lxc-binding.h
@@ -81,6 +81,7 @@ extern int go_lxc_snapshot_list(struct lxc_container *c, struct lxc_snapshot **r
 extern int go_lxc_snapshot(struct lxc_container *c);
 extern pid_t go_lxc_init_pid(struct lxc_container *c);
 extern int go_lxc_init_pidfd(struct lxc_container *c);
+extern int go_lxc_seccomp_notify_fd(struct lxc_container *c);
 extern bool go_lxc_checkpoint(struct lxc_container *c, char *directory, bool stop, bool verbose);
 extern bool go_lxc_restore(struct lxc_container *c, char *directory, bool verbose);
 extern bool go_lxc_config_item_is_supported(const char *key);