The following pull request was submitted through GitHub. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2372

This e-mail was sent by the LXC bot; direct replies will not reach the author unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
From 73e3cb9a16e8a53e0e52b4682bdb3923cbc9f6f6 Mon Sep 17 00:00:00 2001 From: Felix Abecassis <fabecas...@nvidia.com> Date: Fri, 1 Jun 2018 16:01:22 -0700 Subject: [PATCH 1/2] seccomp: drop misleading argument name inherited from the OCI spec The last (optional) argument was named "valueTwo", which seems to originate from the OCI runtime spec: https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#seccomp In proper seccomp terminology, "value" is "datum_a" and "valueTwo" is "datum_b". However, LXC's "valueTwo" was used as the mask for SCMP_CMP_MASKED_EQ, while the mask is supposed to be "datum_a". Signed-off-by: Felix Abecassis <fabecas...@nvidia.com> --- src/lxc/seccomp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c index e32c23b43..4ea3c2a7c 100644 --- a/src/lxc/seccomp.c +++ b/src/lxc/seccomp.c @@ -184,14 +184,14 @@ static enum scmp_compare parse_v2_rule_op(char *s) /* * This function is used to parse the args string into the structure. - * args string format:[index,value,op,valueTwo] or [index,value,op] + * args string format:[index,value,op,mask] or [index,value,op] * index: the index for syscall arguments (type uint) * value: the value for syscall arguments (type uint64) * op: the operator for syscall arguments(string), a valid list of constants as of libseccomp v2.3.2 is SCMP_CMP_NE,SCMP_CMP_LE,SCMP_CMP_LE, SCMP_CMP_EQ, SCMP_CMP_GE, SCMP_CMP_GT, SCMP_CMP_MASKED_EQ, or !=,<=,==,>=,>,&= - * valueTwo: the value for syscall arguments only used for mask eq (type uint64, optional) + * mask: the mask to apply on "value" for SCMP_CMP_MASKED_EQ (type uint64, optional) * Returns 0 on success, < 0 otherwise. */ static int get_seccomp_arg_value(char *key, struct seccomp_v2_rule_args *rule_args) From f42183e68cfe5ee185e4ccc0330a22c02fc24597 Mon Sep 17 00:00:00 2001 
From: Felix Abecassis <fabecas...@nvidia.com> Date: Fri, 1 Jun 2018 16:36:26 -0700 Subject: [PATCH 2/2] seccomp: use a default value of 0 for the mask The mask was unconditionally parsed, it failed if no mask was provided. Signed-off-by: Felix Abecassis <fabecas...@nvidia.com> --- src/lxc/seccomp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c index 4ea3c2a7c..24c69c305 100644 --- a/src/lxc/seccomp.c +++ b/src/lxc/seccomp.c @@ -201,7 +201,7 @@ static int get_seccomp_arg_value(char *key, struct seccomp_v2_rule_args *rule_ar uint64_t mask = 0, value = 0; enum scmp_compare op = 0; char *tmp = NULL; - char s[31] = {0}, v[24] = {0}, m[24] = {0}; + char s[31] = {0}, v[24] = {0}, m[24] = {'0'}; tmp = strchr(key, '['); if (!tmp) {
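Review bot: In [PATCH 1/2], the new `mask:` comment line says the mask is applied "on value", but with SCMP_CMP_MASKED_EQ libseccomp applies the mask to the syscall argument and compares the result with value, so the wording can lead a profile author to write the two fields the wrong way round. Suggest something like "mask: the mask applied to the syscall argument before it is compared with value, for SCMP_CMP_MASKED_EQ (type uint64, optional)". While this comment is being touched, the operator list in the unchanged context names SCMP_CMP_LE twice and the symbolic list "!=,<=,==,>=,>,&=" has no "<", which looks like a missing SCMP_CMP_LT.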
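Review bot: In [PATCH 2/2], the initializer `m[24] = {'0'}` makes a missing mask silently become 0, and nothing visible in this hunk rejects that case when the operator is SCMP_CMP_MASKED_EQ. With a mask of 0 the masked argument is always 0, so such a rule matches every call when value is 0 and never matches otherwise, which is unlikely to be what the profile author meant. Suggest keeping the default for the three-field form but returning an error when op is SCMP_CMP_MASKED_EQ and no mask field was supplied. A short comment on the initializer would also help, since `{'0'}` next to `{0}` on the same line reads like a typo rather than a deliberate "0" string default.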
_______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel