Add SCMP_ACT_LOG as a valid Seccomp action (#1951)

Signed-off-by: blacktop <blacktop@users.noreply.github.com>
2019-09-26 11:03:03 -04:00 · 2019-09-26 11:03:03 -04:00 · 84373aaa56
parent 3e425f80a8
commit 84373aaa56
3 changed files with 5 additions and 0 deletions
--- a/libcontainer/configs/config.go
+++ b/libcontainer/configs/config.go
@ -44,6 +44,7 @@ const (
 	Trap
 	Allow
 	Trace
+	Log
 )

 // Operator is a comparison operator to be used when matching syscall arguments in Seccomp
--- a/libcontainer/seccomp/config.go
+++ b/libcontainer/seccomp/config.go
@ -22,6 +22,7 @@ var actions = map[string]configs.Action{
 	"SCMP_ACT_TRAP":  configs.Trap,
 	"SCMP_ACT_ALLOW": configs.Allow,
 	"SCMP_ACT_TRACE": configs.Trace,
+	"SCMP_ACT_LOG":   configs.Log,
 }

 var archs = map[string]string{
--- a/libcontainer/seccomp/seccomp_linux.go
+++ b/libcontainer/seccomp/seccomp_linux.go
@ -19,6 +19,7 @@ var (
 	actTrap  = libseccomp.ActTrap
 	actKill  = libseccomp.ActKill
 	actTrace = libseccomp.ActTrace.SetReturnCode(int16(unix.EPERM))
+	actLog   = libseccomp.ActLog
 	actErrno = libseccomp.ActErrno.SetReturnCode(int16(unix.EPERM))
 )

@ -112,6 +113,8 @@ func getAction(act configs.Action) (libseccomp.ScmpAction, error) {
 		return actAllow, nil
 	case configs.Trace:
 		return actTrace, nil
+	case configs.Log:
+		return actLog, nil
 	default:
 		return libseccomp.ActInvalid, fmt.Errorf("invalid action, cannot use in rule")
 	}