Handle seccomp proc parsing errors

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Michael Crosby 2016-01-18 16:12:13 -08:00 committed by Jessica Frazelle
parent 41edbeb25e
commit 9c41e8388c
No known key found for this signature in database
GPG Key ID: 18F3685C0022BFF3
1 changed files with 9 additions and 12 deletions


@ -84,20 +84,17 @@ func IsEnabled() bool {
// Try to read from /proc/self/status for kernels > 3.8 // Try to read from /proc/self/status for kernels > 3.8
s, err := parseStatusFile("/proc/self/status") s, err := parseStatusFile("/proc/self/status")
if err != nil { if err != nil {
// Check if Seccomp is supported, via CONFIG_SECCOMP.
if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_SECCOMP, 0, 0); err != syscall.EINVAL {
// Make sure the kernel has CONFIG_SECCOMP_FILTER.
if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_SECCOMP, SeccompModeFilter, 0); err != syscall.EINVAL {
return true
}
}
return false return false
} }
_, ok := s["Seccomp"]
if _, ok := s["Seccomp"]; ok { return ok
return true
}
// Check if Seccomp is supported, via CONFIG_SECCOMP.
if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_SECCOMP, 0, 0); err != syscall.EINVAL {
// Make sure the kernel has CONFIG_SECCOMP_FILTER.
if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_SECCOMP, SeccompModeFilter, 0); err != syscall.EINVAL {
return true
}
}
return false
} }
// Convert Libcontainer Action to Libseccomp ScmpAction // Convert Libcontainer Action to Libseccomp ScmpAction
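Review bot: A status file that parses cleanly but has no `Seccomp` key now ends at `_, ok := s["Seccomp"]` / `return ok` and reports false without running the prctl probe, which after this change is reachable only from the `err != nil` branch. The `Seccomp:` line in /proc/self/status appeared in Linux 3.8 while filter mode predates it, so on such kernels IsEnabled() would answer false even though the PR_SET_SECCOMP check would have reported support. If callers gate applying a seccomp profile on this result (they are not visible here), the workload would start without its filter. Trying the status file first and falling through to the probe in both the error and the missing-key case keeps the new error handling without losing the old fallback. The function's opening line is outside the hunk.

```go
s, err := parseStatusFile("/proc/self/status")
if err == nil {
	// The status file is authoritative only when it carries the field.
	if _, ok := s["Seccomp"]; ok {
		return true
	}
}
// … unchanged: PR_GET_SECCOMP / PR_SET_SECCOMP probe, now reached on a parse error and on a missing key …
return false
```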