git.ipfire.org Git - thirdparty/lxc.git/commit
seccomp: set SCMP_FLTATR_ATL_TSKIP if available
author: Serge Hallyn <serge@hallyn.com>
Mon, 6 Mar 2017 19:36:19 +0000 (13:36 -0600)
committer: Stéphane Graber <stgraber@ubuntu.com>
Mon, 20 Mar 2017 21:45:56 +0000 (17:45 -0400)
commit: 48318e1b3d6aad5ceb31fb6a5502fa4f996bce5a
tree: 0e960eea76188796f26f4c499be29691e86fbd44
parent: 51f338c3fd802914038171dd5e03d572ff4ffb87

Newer libseccomp has a flag called SCMP_FLTATR_ATL_TSKIP which
allows syscall '-1' (nop) to be executed.  Without that flag,
debuggers cannot skip system calls inside containers.  For reference,
see the seccomp(2) manpage, which says:

The tracer can skip the system call by changing the system call number to -1.

and see the seccomp issue #80

Signed-off-by: Serge Hallyn <serge@hallyn.com>
src/lxc/seccomp.c
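
The effect described in the commit message, modelled in user space as an added example (not code from LXC or libseccomp): an allow-list filter whose default action is kill rejects syscall number -1 unless a rule admits it. The two filters, the helper `run_filter`, and the assumption that the filter is evaluated with `nr == -1` after a tracer rewrites the number are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#define LOAD_NR BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr))
#define ALLOW_IF(nr, skip) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)(nr), (skip), 0)
#define RET(v) BPF_STMT(BPF_RET | BPF_K, (v))

/* Constructed allow-list: only read(2) is permitted, everything else is killed. */
static const struct sock_filter strict_filter[] = {
    LOAD_NR, ALLOW_IF(__NR_read, 1), RET(SECCOMP_RET_KILL), RET(SECCOMP_RET_ALLOW),
};

/* Same policy plus a leading rule that admits -1, the value a tracer writes to skip a call. */
static const struct sock_filter tskip_filter[] = {
    LOAD_NR, ALLOW_IF(-1, 2), ALLOW_IF(__NR_read, 1),
    RET(SECCOMP_RET_KILL), RET(SECCOMP_RET_ALLOW),
};

/* Interpret the three classic-BPF opcodes used above for one syscall number. */
static uint32_t run_filter(const struct sock_filter *f, size_t len, int nr)
{
    struct seccomp_data sd = { .nr = nr };
    uint32_t acc = 0;

    for (size_t pc = 0; pc < len; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS:   /* load a 32-bit field of seccomp_data */
            memcpy(&acc, (const char *)&sd + f[pc].k, sizeof(acc));
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:  /* relative jump, counted from the next instruction */
            pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf;
            break;
        case BPF_RET | BPF_K:            /* verdict */
            return f[pc].k;
        }
    }
    return SECCOMP_RET_KILL;             /* fell off the end: fail closed */
}

int main(void)
{
    printf("strict, nr=-1: 0x%08x\n", (unsigned)run_filter(strict_filter, 4, -1));
    printf("tskip,  nr=-1: 0x%08x\n", (unsigned)run_filter(tskip_filter, 5, -1));
    return 0;
}
```

The added rule changes the verdict only for -1; every other syscall number is still judged by the unchanged allow-list.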