[lxc-devel] [lxc/master] seccomp: Check if syscall is supported on compat architecture.
Drachenfels-GmbH on Github
lxc-bot at linuxcontainers.org
Tue Oct 13 15:50:19 UTC 2020
From fbec5f832bf5871e97619f56a8dd511d379c9d05 Mon Sep 17 00:00:00 2001
From: Ruben Jenster <r.jenster at drachenfels.de>
Date: Tue, 13 Oct 2020 16:51:55 +0200
Subject: [PATCH] seccomp: Check if syscall is supported on compat
architecture.
Signed-off-by: Ruben Jenster <r.jenster at drachenfels.de>
---
src/lxc/seccomp.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 06296f5d94..61b9954a86 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -531,6 +531,11 @@ static bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx,
return true;
}
+ if (arch != SCMP_ARCH_NATIVE && seccomp_syscall_resolve_name_arch(arch, line) < 0) {
+ INFO("The syscall \"%s\" nr:%d is not supported on compat arch:%d", line, nr, arch);
+ return true;
+ }
+
memset(&arg_cmp, 0, sizeof(arg_cmp));
for (i = 0; i < rule->args_num; i++) {
INFO("arg_cmp[%d]: SCMP_CMP(%u, %llu, %llu, %llu)", i,
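Review bot: The added `if` treats any negative return from `seccomp_syscall_resolve_name_arch(arch, line)` as "not supported" and then does `return true`, so the rule is dropped for the compat architecture with only an INFO message. For a policy that denies listed syscalls, that leaves the call unfiltered on that architecture with nothing visible at the default log level. libseccomp returns negative pseudo-syscall numbers as well as `__NR_SCMP_ERROR` from this function. Is it intended that syscalls which are only reachable through socketcall/ipc multiplexing on a 32-bit compat architecture are skipped too? If not, compare against `__NR_SCMP_ERROR` explicitly, or document why every negative value is safe to ignore. Two smaller points on the log line: `arch` is `uint32_t` in the signature but is printed with `%d` (use `%u` or hex), and the `nr` that is logged is not the result of this lookup, so the message could mislead someone reading it. Consider logging at WARN, and a sentence in the commit message on which configuration triggered this would help.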