Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: f1bcfc796e0a4a04b36284f6261afff59123b1aa https://github.com/lxc/lxc/commit/f1bcfc796e0a4a04b36284f6261afff59123b1aa Author: LiFeng <lifen...@huawei.com> Date: 2019-01-21 (Mon, 21 Jan 2019)
Changed paths: M src/lxc/seccomp.c Log Message: ----------- seccomp: add rules for specified architecture only If the architecture is specified in the seccomp configuration, like: ``` 2 whitelist errno 1 [x86_64] accept allow accept4 allow ``` We shoud add rules only for amd64 instead of add rules for x32/i386/amd64. 1. If the [arch] was not specified in seccomp config, add seccomp rules for all all compat architectures. 2. If the [arch] specified in seccomp config irrelevant to native host arch, the rules will be ignored. 3. If specified [all] in seccomp config, add seccomp rules for all compat architectures. 4. If specified [arch] as same as native host arch, add seccomp rules for the native host arch. 5. If specified [arch] was not native host arch, but compat to host arch, add seccomp rules for the specified arch only, NOT add seccomp rules for native arch. Signed-off-by: LiFeng <lifen...@huawei.com> Commit: b6825c4b7bd3d99a1a7a9c6943e024cde4d20fd0 https://github.com/lxc/lxc/commit/b6825c4b7bd3d99a1a7a9c6943e024cde4d20fd0 Author: Christian Brauner <christ...@brauner.io> Date: 2019-01-21 (Mon, 21 Jan 2019) Changed paths: M src/lxc/seccomp.c Log Message: ----------- Merge pull request #2786 from lifeng68/fix_seccomp seccomp: add rules for specified architecture only Compare: https://github.com/lxc/lxc/compare/0a0e05aacfd6...b6825c4b7bd3 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019.
_______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel