git.ipfire.org Git - thirdparty/lxc.git/commit
seccomp: set SCMP_FLTATR_ATL_TSKIP if available 1453/head
author Serge Hallyn <serge@hallyn.com>
Mon, 6 Mar 2017 19:36:19 +0000 (13:36 -0600)
committer Serge Hallyn <serge@hallyn.com>
Mon, 6 Mar 2017 20:30:50 +0000 (14:30 -0600)
commit 127c52930b23768329815ac591d4e87f8b58df2c
tree f14998db391c7caa35d98a4f7ede2c9b9338e0a1
parent 81e4574cc2b6a7556aa1d08f41871f5661d86b5b
seccomp: set SCMP_FLTATR_ATL_TSKIP if available

Newer libseccomp has a flag called SCMP_FLTATR_ATL_TSKIP which
allows syscall '-1' (nop) to be executed.  Without that flag,
debuggers cannot skip system calls inside containers.  For reference,
see the seccomp(2) manpage, which says:

The tracer can skip the system call by changing the system call number to -1.

and see the seccomp issue #80

Signed-off-by: Serge Hallyn <serge@hallyn.com>
src/lxc/seccomp.c
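
The effect the commit message describes, modelled as an added example (not code from LXC or libseccomp): an allowlist filter evaluated on syscall number -1 denies it unless -1 is explicitly allowed. The two filters, the allowed syscall numbers 0 and 1, the errno-1 deny action and the helper names are constructed for illustration, and the example assumes the filter is evaluated after the tracer has rewritten the number to -1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#define NR_OFF ((uint32_t)offsetof(struct seccomp_data, nr))
#define DENY   (SECCOMP_RET_ERRNO | 1)  /* constructed policy: fail with errno 1 */
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed allowlist: only syscall numbers 0 and 1 are permitted. */
static const struct sock_filter strict_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, NR_OFF),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 2, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 1, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, DENY),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
/* Same allowlist with an explicit allow for syscall -1 (the tracer's "skip"). */
static const struct sock_filter tskip_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, NR_OFF),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)-1, 3, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 2, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 1, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, DENY),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Userspace evaluator for the three opcodes used above; anything else fails closed. */
static uint32_t run_filter(const struct sock_filter *f, size_t len, int nr)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS:   /* only the nr field is modelled */
            if (f[pc].k != NR_OFF) return SECCOMP_RET_KILL;
            acc = (uint32_t)nr; break;
        case BPF_JMP | BPF_JEQ | BPF_K:  /* jt/jf are offsets from the next insn */
            pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf; break;
        case BPF_RET | BPF_K: return f[pc].k;
        default: return SECCOMP_RET_KILL;
        }
    }
    return SECCOMP_RET_KILL;
}
static uint32_t verdict_strict(int nr) { return run_filter(strict_filter, LEN(strict_filter), nr); }
static uint32_t verdict_tskip(int nr)  { return run_filter(tskip_filter, LEN(tskip_filter), nr); }

int main(void) {
    printf("nr=-1 strict: 0x%08x  tskip: 0x%08x\n", verdict_strict(-1), verdict_tskip(-1));
    return 0;
}
```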