Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 127c52930b23768329815ac591d4e87f8b58df2c
      https://github.com/lxc/lxc/commit/127c52930b23768329815ac591d4e87f8b58df2c
  Author: Serge Hallyn <se...@hallyn.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: set SCMP_FLTATR_ATL_TSKIP if available

Newer libseccomp has a flag called SCMP_FLTATR_ATL_TSKIP which
allows syscall '-1' (nop) to be executed.  Without that flag,
debuggers cannot skip system calls inside containers.  For reference,
see the seccomp(2) manpage, which says:

        The tracer can skip the system call by changing the system call  number 
 to  -1.

and see the seccomp issue #80

Signed-off-by: Serge Hallyn <se...@hallyn.com>


  Commit: 7c583068cec23911de4b1edbbc4e1e3f41f44155
      https://github.com/lxc/lxc/commit/7c583068cec23911de4b1edbbc4e1e3f41f44155
  Author: Christian Brauner <christian.brau...@ubuntu.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  Merge pull request #1453 from hallyn/2017-03-06/seccomp

seccomp: set SCMP_FLTATR_ATL_TSKIP if available


Compare: https://github.com/lxc/lxc/compare/81e4574cc2b6...7c583068cec2
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Reply via email to