From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Thu, 15 Oct 2020 08:00:44 +0000 (+0200)
Subject: seccomp: improve default notification sending
X-Git-Tag: lxc-5.0.0~355^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dc70d7e4fbb731201c3170e3b23079a74ceed6c1;p=thirdparty%2Flxc.git

seccomp: improve default notification sending

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index b19b46f53..8ee68df52 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1347,9 +1347,14 @@ static void seccomp_notify_default_answer(int fd, struct seccomp_notif *req,
 {
 	resp->id = req->id;
 	resp->error = -ENOSYS;
+	resp->val = 0;
+	resp->flags = 0;
 
 	if (seccomp_notify_respond(fd, resp))
-		SYSERROR("Failed to send default message to seccomp");
+		SYSERROR("Failed to send default message to seccomp notification with id(%llu)", resp->id);
+	else
+		TRACE("Sent default response for seccomp notification with id(%llu)", resp->id);
+	memset(resp, 0, handler->conf->seccomp.notifier.sizes.seccomp_notif_resp);
 }
 #endif
 
@@ -1385,7 +1390,7 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
 		return log_trace(0, "Removing seccomp notifier fd %d", fd);
 	}
 
-	memset(req, 0, sizeof(*req));
+	memset(req, 0, conf->seccomp.notifier.sizes.seccomp_notif);
 	ret = seccomp_notify_receive(fd, req);
 	if (ret) {
 		SYSERROR("Failed to read seccomp notification");
@@ -1516,6 +1521,7 @@ retry:
 		SYSERROR("Failed to send seccomp notification");
 	else
 		TRACE("Sent response for seccomp notification with id(%llu)", resp->id);
+	memset(resp, 0, conf->seccomp.notifier.sizes.seccomp_notif_resp);
 
 out:
 #endif