From: Christian Brauner
Date: Fri, 20 Mar 2020 14:25:41 +0000 (+0100)
Subject: start: move reading seccomp profile after pre-start hook
X-Git-Tag: lxc-4.0.0~12^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F3314%2Fhead;p=thirdparty%2Flxc.git
start: move reading seccomp profile after pre-start hook
This allows users to generate custom profiles at startup. Closes #1848.
Signed-off-by: Christian Brauner
---
diff --git a/src/lxc/start.c b/src/lxc/start.c
index c82fb8988..62152a6f6 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -737,11 +737,6 @@ int lxc_init(const char *name, struct lxc_handler *handler)
 lsm_init();
 TRACE("Initialized LSM");
 
- ret = lxc_read_seccomp_config(conf);
- if (ret < 0)
- return log_error(-1, "Failed loading seccomp policy");
- TRACE("Read seccomp policy");
-
 /* Begin by setting the state to STARTING. */
 ret = lxc_set_state(name, handler, STARTING);
 if (ret < 0)
@@ -840,6 +835,11 @@ int lxc_init(const char *name, struct lxc_handler *handler)
 }
 TRACE("Initialized cgroup driver");
 
+ ret = lxc_read_seccomp_config(conf);
+ if (ret < 0)
+ return log_error(-1, "Failed loading seccomp policy");
+ TRACE("Read seccomp policy");
+
 ret = lsm_process_prepare(conf, handler->lxcpath);
 if (ret < 0) {
 ERROR("Failed to initialize LSM");
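Review bot: The re-added seccomp check in the second hunk of lxc_init() still bails out with a bare `return log_error(-1, "Failed loading seccomp policy");`. That was harmless at the old position, but it now runs after the state has been set to STARTING and the cgroup driver has been initialized (and, per the commit message, after the pre-start hook). The LSM check directly below uses a braced `ERROR(...)` block, which suggests failures at this stage go through a cleanup path outside the hunk. If so, this branch should unwind the same way, e.g. `if (ret < 0) { ERROR("Failed loading seccomp policy"); goto <cleanup label used by the LSM check>; }`, with the label confirmed against the rest of lxc_init(), which starts and ends outside the hunk. A short comment such as `/* Read the seccomp profile only after the pre-start hook, which may generate it. */` would also keep the ordering from being reverted by accident.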