From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 5 Jul 2019 07:44:17 +0000 (+0200)
Subject: seccomp: don't ignore syscalls when there's no proxy
X-Git-Tag: lxc-3.2.0~9^2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5357b872f7052936a58748b7a338a42c86c2a4fc;p=thirdparty%2Flxc.git

seccomp: don't ignore syscalls when there's no proxy

The container process would just hang.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 272eeb766..64c3140b5 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1366,17 +1366,17 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
 	char *cookie = conf->seccomp.notifier.cookie;
 	uint64_t req_id;
 
-	if (listener_proxy_fd < 0) {
-		ERROR("No seccomp proxy registered");
-		return minus_one_set_errno(EINVAL);
-	}
-
 	ret = seccomp_notify_receive(fd, req);
 	if (ret) {
 		SYSERROR("Failed to read seccomp notification");
 		goto out;
 	}
 
+	if (listener_proxy_fd < 0) {
+		ERROR("No seccomp proxy registered");
+		return minus_one_set_errno(EINVAL);
+	}
+
 	/* remember the ID in case we receive garbage from the proxy */
 	resp->id = req_id = req->id;