seccomp: add support for s390x

author Christian Brauner <cbrauner@suse.de>

Fri, 19 Aug 2016 09:57:14 +0000 (11:57 +0200)

committer Stéphane Graber <stgraber@ubuntu.com>

Thu, 17 Nov 2016 23:31:50 +0000 (18:31 -0500)
author Christian Brauner <cbrauner@suse.de>
Fri, 19 Aug 2016 09:57:14 +0000 (11:57 +0200)
committer Stéphane Graber <stgraber@ubuntu.com>
Thu, 17 Nov 2016 23:31:50 +0000 (18:31 -0500)
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c

index ec77c45fd5a64699bbe28d9ae4d03a058b3690b9..28c4d62d813d354bad0aa30a63669690fcdd5d07 100644 (file)
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -131,6 +131,7 @@ enum lxc_hostarch_t {
         lxc_seccomp_arch_mipsel,
         lxc_seccomp_arch_mipsel64,
         lxc_seccomp_arch_mipsel64n32,
+       lxc_seccomp_arch_s390x,
         lxc_seccomp_arch_unknown = 999,
  };
  
@@ -167,6 +168,8 @@ int get_hostarch(void)
                 return MIPS_ARCH_N64;
         else if (strncmp(uts.machine, "mips", 4) == 0)
                 return MIPS_ARCH_O32;
+       else if (strncmp(uts.machine, "s390x", 5) == 0)
+               return lxc_seccomp_arch_s390x;
         return lxc_seccomp_arch_unknown;
  }
  
@@ -199,6 +202,9 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch, uint32_t default_policy_
         case lxc_seccomp_arch_mipsel: arch = SCMP_ARCH_MIPSEL; break;
         case lxc_seccomp_arch_mipsel64: arch = SCMP_ARCH_MIPSEL64; break;
         case lxc_seccomp_arch_mipsel64n32: arch = SCMP_ARCH_MIPSEL64N32; break;
+#endif
+#ifdef SCMP_ARCH_S390X
+       case lxc_seccomp_arch_s390x: arch = SCMP_ARCH_S390X; break;
  #endif
         default: return NULL;
         }
@@ -365,6 +371,15 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
                                 default_policy_action);
                 if (!compat_ctx[0] || !compat_ctx[1])
                         goto bad;
+#endif
+#ifdef SCMP_ARCH_S390X
+       } else if (native_arch == lxc_seccomp_arch_s390x) {
+               cur_rule_arch = lxc_seccomp_arch_all;
+               compat_arch[0] = SCMP_ARCH_S390X;
+               compat_ctx[0] = get_new_ctx(lxc_seccomp_arch_s390x,
+                               default_policy_action);
+               if (!compat_ctx[0])
+                       goto bad;
  #endif
         }
  
@@ -507,6 +522,16 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
                                 }
                                 cur_rule_arch = lxc_seccomp_arch_mipsel;
                         }
+#endif
+#ifdef SCMP_ARCH_S390X
+                       else if (strcmp(line, "[s390x]") == 0 ||
+                                       strcmp(line, "[S390X]") == 0) {
+                               if (native_arch != lxc_seccomp_arch_s390x) {
+                                       cur_rule_arch = lxc_seccomp_arch_unknown;
+                                       continue;
+                               }
+                               cur_rule_arch = lxc_seccomp_arch_s390x;
+                       }
  #endif
                         else
                                 goto bad_arch;
author	Christian Brauner <cbrauner@suse.de>
	Fri, 19 Aug 2016 09:57:14 +0000 (11:57 +0200)
committer	Stéphane Graber <stgraber@ubuntu.com>
	Thu, 17 Nov 2016 23:31:50 +0000 (18:31 -0500)