mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-03 01:17:45 +03:00

nspawn: expose the new seccomp actions in the OCI logic

Lennart Poettering 2019-04-29 12:04:55 +02:00
parent 7bbc229cf7
commit f9a3d8e2f3


@ -1656,13 +1656,19 @@ static int oci_seccomp_action_from_string(const char *name, uint32_t *ret) {
const char *name; const char *name;
uint32_t action; uint32_t action;
} table[] = { } table[] = {
{ "SCMP_ACT_ALLOW", SCMP_ACT_ALLOW }, { "SCMP_ACT_ALLOW", SCMP_ACT_ALLOW },
{ "SCMP_ACT_ERRNO", SCMP_ACT_ERRNO(EPERM) }, /* the OCI spec doesn't document the error, but it appears EPERM is supposed to be used */ { "SCMP_ACT_ERRNO", SCMP_ACT_ERRNO(EPERM) }, /* the OCI spec doesn't document the error, but it appears EPERM is supposed to be used */
{ "SCMP_ACT_KILL", SCMP_ACT_KILL }, { "SCMP_ACT_KILL", SCMP_ACT_KILL },
#ifdef SCMP_ACT_LOG #ifdef SCMP_ACT_KILL_PROCESS
{ "SCMP_ACT_LOG", SCMP_ACT_LOG }, { "SCMP_ACT_KILL_PROCESS", SCMP_ACT_KILL_PROCESS },
#endif #endif
{ "SCMP_ACT_TRAP", SCMP_ACT_TRAP }, #ifdef SCMP_ACT_KILL_THREAD
{ "SCMP_ACT_KILL_THREAD", SCMP_ACT_KILL_THREAD },
#endif
#ifdef SCMP_ACT_LOG
{ "SCMP_ACT_LOG", SCMP_ACT_LOG },
#endif
{ "SCMP_ACT_TRAP", SCMP_ACT_TRAP },
/* We don't support SCMP_ACT_TRACE because that requires a tracer, and that doesn't really make sense /* We don't support SCMP_ACT_TRACE because that requires a tracer, and that doesn't really make sense
* here */ * here */