[lxc-devel] [go-lxc/v2] container: add SeccompNotifyFdActive()

Thu, 06 Aug 2020 05:56:04 -0700 

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/go-lxc/pull/141

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>

From 95c6c822360cf111ac4ebc2920eec57466dda42f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@ubuntu.com>
Date: Thu, 6 Aug 2020 14:54:54 +0200
Subject: [PATCH] container: add SeccompNotifyFdActive()

Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
---
 container.go  | 15 ++++++++++++++-
 lxc-binding.c |  8 ++++++++
 lxc-binding.h |  1 +
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/container.go b/container.go
index 2d13993..eb8a415 100644
--- a/container.go
+++ b/container.go
@@ -338,6 +338,19 @@ func (c *Container) SeccompNotifyFd() (*os.File, error) {
        return os.NewFile(uintptr(notifyFd), "seccomp notify"), nil
 }
 
+// SeccompNotifyFdActive returns the seccomp notify fd of the running 
container.
+func (c *Container) SeccompNotifyFdActive() (*os.File, error) {
+       c.mu.RLock()
+       defer c.mu.RUnlock()
+
+       notifyFd := int(C.go_lxc_seccomp_notify_fd_active(c.container))
+       if notifyFd < 0 {
+               return nil, unix.Errno(unix.EBADF)
+       }
+
+       return os.NewFile(uintptr(notifyFd), "seccomp notify"), nil
+}
+
 // Daemonize returns true if the container wished to be daemonized.
 func (c *Container) Daemonize() bool {
        c.mu.RLock()
@@ -2019,4 +2032,4 @@ func buildBdevSpecs(o *BackendStoreSpecs) 
*C.struct_bdev_specs {
        }
 
        return &specs
-}
\ No newline at end of file
+}
diff --git a/lxc-binding.c b/lxc-binding.c
index cdba32b..7dcf55d 100644
--- a/lxc-binding.c
+++ b/lxc-binding.c
@@ -67,6 +67,14 @@ int go_lxc_seccomp_notify_fd(struct lxc_container *c) {
 #endif
 }
 
+int go_lxc_seccomp_notify_fd_active(struct lxc_container *c) {
+#if VERSION_AT_LEAST(4, 0, 5)
+       return c->seccomp_notify_fd_active(c);
+#else
+       return ret_errno(ENOSYS);
+#endif
+}
+
 int go_lxc_devpts_fd(struct lxc_container *c) {
 #if VERSION_AT_LEAST(4, 0, 5)
        return c->devpts_fd(c);
diff --git a/lxc-binding.h b/lxc-binding.h
index 7369c5c..a3e616b 100644
--- a/lxc-binding.h
+++ b/lxc-binding.h
@@ -83,6 +83,7 @@ extern pid_t go_lxc_init_pid(struct lxc_container *c);
 extern int go_lxc_init_pidfd(struct lxc_container *c);
 extern int go_lxc_devpts_fd(struct lxc_container *c);
 extern int go_lxc_seccomp_notify_fd(struct lxc_container *c);
+extern int go_lxc_seccomp_notify_fd_active(struct lxc_container *c);
 extern bool go_lxc_checkpoint(struct lxc_container *c, char *directory, bool 
stop, bool verbose);
 extern bool go_lxc_restore(struct lxc_container *c, char *directory, bool 
verbose);
 extern bool go_lxc_config_item_is_supported(const char *key);

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Reply via email to