seccomp: handle inverted arch

author Serge Hallyn <serge.hallyn@ubuntu.com>

Thu, 12 Nov 2015 23:22:48 +0000 (17:22 -0600)

committer Serge Hallyn <serge.hallyn@ubuntu.com>

Thu, 12 Nov 2015 23:22:48 +0000 (17:22 -0600)
author Serge Hallyn <serge.hallyn@ubuntu.com>
Thu, 12 Nov 2015 23:22:48 +0000 (17:22 -0600)
committer Serge Hallyn <serge.hallyn@ubuntu.com>
Thu, 12 Nov 2015 23:22:48 +0000 (17:22 -0600)
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c

index 02086464512825b262c88f217b64d101180840bd..9eab6af9d1fc095531ff0a15cc0469dc1054bac0 100644 (file)
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -296,10 +296,19 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
         if (native_arch == lxc_seccomp_arch_amd64) {
                 cur_rule_arch = lxc_seccomp_arch_all;
                 compat_arch = SCMP_ARCH_X86;
-               compat_ctx = get_new_ctx(lxc_seccomp_arch_i386,
-                               default_policy_action);
-               if (!compat_ctx)
-                       goto bad;
+               // Detect if we are on x86_64 kernel with 32-bit userspace
+               if (seccomp_arch_exist(conf->seccomp_ctx, SCMP_ARCH_X86)) {
+                       compat_ctx = conf->seccomp_ctx;
+                       conf->seccomp_ctx = get_new_ctx(lxc_seccomp_arch_amd64,
+                                       default_policy_action);
+                       if (!conf->seccomp_ctx)
+                               goto bad;
+               } else {
+                       compat_ctx = get_new_ctx(lxc_seccomp_arch_i386,
+                                       default_policy_action);
+                       if (!compat_ctx)
+                               goto bad;
+               }
         }
  
         if (default_policy_action != SCMP_ACT_KILL) {
author	Serge Hallyn <serge.hallyn@ubuntu.com>
	Thu, 12 Nov 2015 23:22:48 +0000 (17:22 -0600)
committer	Serge Hallyn <serge.hallyn@ubuntu.com>
	Thu, 12 Nov 2015 23:22:48 +0000 (17:22 -0600)