Catch seccomp violations by init
authorSerge Hallyn <serge.hallyn@ubuntu.com>
Mon, 24 Feb 2014 17:28:10 +0000 (11:28 -0600)
committerStéphane Graber <stgraber@ubuntu.com>
Mon, 24 Feb 2014 17:33:04 +0000 (12:33 -0500)
Note that if a task other than init violates the seccomp policy,
we cannot catch that.  Init will catch it and (if it feels like
it) log it.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
src/lxc/start.c

index 2faad8edf6a6289e7619a75492b740f0b51bec45..f44be963c87092bac79b16d52bee32cbb5cbbba4 100644 (file)
@@ -1050,6 +1050,9 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
                        DEBUG("Container rebooting");
                        handler->conf->reboot = 1;
                        break;
+               case SIGSYS: /* seccomp */
+                       DEBUG("Container violated its seccomp policy");
+                       break;
                default:
                        DEBUG("unknown exit status for init: %d", WTERMSIG(status));
                        break;
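Review bot: The new `case SIGSYS` branch reports the violation only through `DEBUG`, so unless debug-level logging is enabled, no record is left that init was killed by the seccomp filter. This is a security-relevant event and deserves a higher level, for example `ERROR("Container init was killed by SIGSYS (seccomp policy violation)");`. The branch also ends in a plain `break` like the reboot case; the rest of `__lxc_start` is outside the hunk, so it cannot be confirmed here that the caller receives a failure status in this case, which is worth checking. A short comment such as `/* only init's death is visible here; violations by other tasks are not reported to us */` would carry the caveat from the commit message into the code.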