From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 25 May 2018 10:07:12 +0000 (+0200)
Subject: seccomp: error on unrecognized actions
X-Git-Tag: lxc-3.1.0~288^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2351%2Fhead;p=thirdparty%2Flxc.git

seccomp: error on unrecognized actions

Be more strict about unrecognized actions. Previously the
parser would happily accept lines with typos like:

  kexec_load errrno 1

(note the extra 'r')

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 44862983c..4ae981203 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -114,6 +114,9 @@ static uint32_t get_v2_default_action(char *line)
 		ret_action = SCMP_ACT_ALLOW;
 	} else if (strncmp(line, "trap", 4) == 0) {
 		ret_action = SCMP_ACT_TRAP;
+	} else if (line[0]) {
+		ERROR("Unrecognized seccomp action: %s", line);
+		return -2;
 	}
 
 	return ret_action;