From: Serge Hallyn <serge.hallyn@ubuntu.com>
Date: Mon, 24 Feb 2014 17:28:10 +0000 (-0600)
Subject: Catch seccomp violations by init
X-Git-Tag: lxc-1.1.0.alpha1~270
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c2b9bd9e815d6828dc23c0e0644bc31e03c44e6e;p=thirdparty%2Flxc.git

Catch seccomp violations by init

Note that if a task other than init violates the seccomp policy,
we cannot catch that.  Init will catch it and (if it feels like
it) log it.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
---

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 2faad8edf..f44be963c 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1050,6 +1050,9 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
 			DEBUG("Container rebooting");
 			handler->conf->reboot = 1;
 			break;
+		case SIGSYS: /* seccomp */
+			DEBUG("Container violated its seccomp policy");
+			break;
 		default:
 			DEBUG("unknown exit status for init: %d", WTERMSIG(status));
 			break;