From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Tue, 30 Apr 2019 23:17:49 +0000 (+0200)
Subject: seccomp: don't commit to an api just yet
X-Git-Tag: lxc-3.2.0~82^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ebc1c319f6d4de710fd0eaa968625e8b3fb35eaa;p=thirdparty%2Flxc.git

seccomp: don't commit to an api just yet

I'm not sure that I want to be married (to this layout) just yet.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/lxccontainer.h b/src/lxc/lxccontainer.h
index e2e788993..c367af81a 100644
--- a/src/lxc/lxccontainer.h
+++ b/src/lxc/lxccontainer.h
@@ -31,11 +31,6 @@
 
 #include <lxc/attach_options.h>
 
-#ifdef SCMP_ACT_USER_NOTIF
-#include <linux/seccomp.h>
-#include <seccomp.h>
-#endif
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -70,16 +65,6 @@ enum {
 	LXC_SECCOMP_NOTIFY_MAX,
 };
 
-#ifdef SCMP_ACT_USER_NOTIF
-struct seccomp_notify_proxy_msg {
-	uint32_t version;
-	struct seccomp_notif req;
-	struct seccomp_notif_resp resp;
-	pid_t monitor_pid;
-	pid_t init_pid;
-};
-#endif
-
 /*!
  * An LXC container.
  *
diff --git a/src/lxc/lxcseccomp.h b/src/lxc/lxcseccomp.h
index afb3e7352..97394dfef 100644
--- a/src/lxc/lxcseccomp.h
+++ b/src/lxc/lxcseccomp.h
@@ -47,7 +47,17 @@ struct lxc_handler;
 
 #ifdef HAVE_SECCOMP
 
+
 #if HAVE_DECL_SECCOMP_NOTIF_GET_FD
+
+struct seccomp_notify_proxy_msg {
+	uint32_t version;
+	struct seccomp_notif req;
+	struct seccomp_notif_resp resp;
+	pid_t monitor_pid;
+	pid_t init_pid;
+} __attribute__((packed, aligned(8)));
+
 struct seccomp_notify {
 	bool wants_supervision;
 	int notify_fd;