The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/1202

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Christian Brauner <christian.brau...@canonical.com>

Closes #1199.
From bd4307f0c154ace6560082cf449b08f2f567c98c Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@canonical.com>
Date: Wed, 21 Sep 2016 13:02:08 +0200
Subject: [PATCH] tools: fix lxc-attach regression with -s USER

Signed-off-by: Christian Brauner <christian.brau...@canonical.com>
---
 src/lxc/attach.c  | 24 +++++++++++-------------
 src/lxc/seccomp.c |  2 +-
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index c741410..99b07fa 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -665,16 +665,16 @@ static int attach_child_main(void* data);
 /* define default options if no options are supplied by the user */
 static lxc_attach_options_t attach_static_default_options = 
LXC_ATTACH_OPTIONS_DEFAULT;
 
-static bool fetch_seccomp(struct lxc_proc_context_info *i,
+static bool fetch_seccomp(struct lxc_container *c,
                          lxc_attach_options_t *options)
 {
-       struct lxc_container *c;
        char *path;
 
-       if (!(options->namespaces & CLONE_NEWNS) || !(options->attach_flags & 
LXC_ATTACH_LSM))
+       if (!(options->namespaces & CLONE_NEWNS) || !(options->attach_flags & 
LXC_ATTACH_LSM)) {
+               free(c->lxc_conf->seccomp);
+               c->lxc_conf->seccomp = NULL;
                return true;
-
-       c = i->container;
+       }
 
        /* Remove current setting. */
        if (!c->set_config_item(c, "lxc.seccomp", "")) {
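Review bot: The new early-return branch in fetch_seccomp dereferences `c->lxc_conf` without a NULL check, while the guard in the attach_child_main hunk still tests `init_ctx->container->lxc_conf` before using it, which suggests the pointer can be NULL here. The caller in lxc_attach only verifies `init_ctx->container`. Guarding the cleanup keeps the branch safe: `if (c->lxc_conf) { free(c->lxc_conf->seccomp); c->lxc_conf->seccomp = NULL; }`. A short comment would also help, stating that attaching without LXC_ATTACH_LSM or CLONE_NEWNS deliberately proceeds with no seccomp policy, since this is the path where the filter is dropped. The rest of fetch_seccomp lies outside this hunk.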
@@ -684,6 +684,7 @@ static bool fetch_seccomp(struct lxc_proc_context_info *i,
        /* Fetch the current profile path over the cmd interface */
        path = c->get_running_config_item(c, "lxc.seccomp");
        if (!path) {
+               INFO("Failed to get running config item for lxc.seccomp.");
                return true;
        }
 
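Review bot: The added message logs at INFO and the function still returns true, so a failed lookup of the running container's `lxc.seccomp` looks the same as "no profile configured" and the attach continues. Together with the new `lxc_conf->seccomp &&` test in the attach_child_main hunk, the attached process would apparently start with no seccomp filter and nothing above INFO in the log; this is inferred, since the remainder of fetch_seccomp is outside the hunk. If get_running_config_item cannot tell the two cases apart, consider raising the level, e.g. `WARN("Failed to get running config item for lxc.seccomp; attaching without seccomp policy.");`, and adding a comment that returning true here is intentional.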
@@ -704,14 +705,11 @@ static bool fetch_seccomp(struct lxc_proc_context_info *i,
        return true;
 }
 
-static bool no_new_privs(struct lxc_proc_context_info *ctx,
+static bool no_new_privs(struct lxc_container *c,
                         lxc_attach_options_t *options)
 {
-       struct lxc_container *c;
        char *val;
 
-       c = ctx->container;
-
        /* Remove current setting. */
        if (!c->set_config_item(c, "lxc.no_new_privs", "")) {
                return false;
@@ -784,10 +782,10 @@ int lxc_attach(const char* name, const char* lxcpath, 
lxc_attach_exec_t exec_fun
        if (!init_ctx->container)
                return -1;
 
-       if (!fetch_seccomp(init_ctx, options))
+       if (!fetch_seccomp(init_ctx->container, options))
                WARN("Failed to get seccomp policy");
 
-       if (!no_new_privs(init_ctx, options))
+       if (!no_new_privs(init_ctx->container, options))
                WARN("Could not determine whether PR_SET_NO_NEW_PRIVS is set.");
 
        cwd = getcwd(NULL, 0);
@@ -1211,9 +1209,9 @@ static int attach_child_main(void* data)
                        rexit(-1);
                }
        }
-
        if (init_ctx->container && init_ctx->container->lxc_conf &&
-                       lxc_seccomp_load(init_ctx->container->lxc_conf) != 0) {
+           init_ctx->container->lxc_conf->seccomp &&
+           (lxc_seccomp_load(init_ctx->container->lxc_conf) != 0)) {
                ERROR("Loading seccomp policy");
                rexit(-1);
        }
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 5069730..ccffa9f 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -748,7 +748,7 @@ int lxc_seccomp_load(struct lxc_conf *conf)
 #endif
            );
        if (ret < 0) {
-               ERROR("Error loading the seccomp policy.");
+               ERROR("Error loading the seccomp policy: %s.", strerror(-ret));
                return -1;
        }
        return 0;