git.ipfire.org Git - thirdparty/lxc.git/commit

author	LiFeng <lifeng68@huawei.com>
	Wed, 16 Jan 2019 10:07:59 +0000 (05:07 -0500)
committer	LiFeng <lifeng68@huawei.com>
	Mon, 21 Jan 2019 12:23:23 +0000 (07:23 -0500)
commit	f1bcfc796e0a4a04b36284f6261afff59123b1aa
tree	3631ec297abb3c3e985c06c5a4becd5caaf39a45	tree
parent	bd72001f1aa30732a48d9fe3b58260ee9fe4eb9f	commit \| diff

seccomp: add rules for specified architecture only

If the architecture is specified in the seccomp configuration, like:
```
2
whitelist errno 1
[x86_64]
accept allow
accept4 allow
```
We shoud add rules only for amd64 instead of add rules for
x32/i386/amd64.

1. If the [arch] was not specified in seccomp config, add seccomp rules
for all all compat architectures.
2. If the [arch] specified in seccomp config irrelevant to native host
arch, the rules will be ignored.
3. If specified [all] in seccomp config, add seccomp rules for all
compat architectures.
4. If specified [arch] as same as native host arch, add seccomp rules
for the native host arch.
5. If specified [arch] was not native host arch, but compat to host
arch, add seccomp rules for the specified arch only, NOT add seccomp
rules for native arch.

Signed-off-by: LiFeng <lifeng68@huawei.com>