[lxc-devel] [lxc/lxc] cd7554: seccomp: fix 32-bit rules

GitHub Fri, 20 Jun 2014 13:35:22 -0700

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: cd75548b25f39b4ee36dc20e70c8e1b379a287f8
      https://github.com/lxc/lxc/commit/cd75548b25f39b4ee36dc20e70c8e1b379a287f8
  Author: Serge Hallyn <[email protected]>
  Date:   2014-06-20 (Fri, 20 Jun 2014)


  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: fix 32-bit rules

When calling seccomp_rule_add(), you must pass the native syscall number
even if the context is a 32-bit context.  So use resolve_name rather
than resolve_name_arch.

Enhance the check of /proc/self/status for Seccomp: so that we do not
enable seccomp policies if seccomp is not built into the kernel.  This
is needed before we can enable by-default seccomp policies (which we
want to do next)

Fix wrong return value check from seccomp_arch_exist, and remove
needless abstraction in arch handling.

Signed-off-by: Serge Hallyn <[email protected]>
Acked-by: Stéphane Graber <[email protected]>

_______________________________________________
lxc-devel mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxc/lxc] cd7554: seccomp: fix 32-bit rules

Reply via email to