The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/3951
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Stéphane Graber <[email protected]>
From 5b33b998a8894611ec24fab72f5f7c64d27ebffe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= <[email protected]> Date: Wed, 18 Oct 2017 00:17:30 -0400 Subject: [PATCH] seccomp: Fix security.syscalls.blacklist handling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber <[email protected]> --- lxd/seccomp.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lxd/seccomp.go b/lxd/seccomp.go index 1c9bb4c70..391d8b109 100644 --- a/lxd/seccomp.go +++ b/lxd/seccomp.go @@ -129,6 +129,11 @@ func getSeccompProfileContent(c container) (string, error) { policy += fmt.Sprintf(COMPAT_BLOCKING_POLICY, arch) } + blacklist := config["security.syscalls.blacklist"] + if blacklist != "" { + policy += blacklist + } + return policy, nil }
_______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
