From c2b9bd9e815d6828dc23c0e0644bc31e03c44e6e Mon Sep 17 00:00:00 2001
From: Serge Hallyn
Date: Mon, 24 Feb 2014 11:28:10 -0600
Subject: [PATCH] Catch seccomp violations by init
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Note that if a task other than init violates the seccomp policy, we cannot catch that. Init will catch it and (if it feels like it) log it.
Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber
---
 src/lxc/start.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 2faad8edf..f44be963c 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1050,6 +1050,9 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
 DEBUG("Container rebooting");
 handler->conf->reboot = 1;
 break;
+ case SIGSYS: /* seccomp */
+ DEBUG("Container violated its seccomp policy");
+ break;
 default:
 DEBUG("unknown exit status for init: %d", WTERMSIG(status));
 break;
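Review bot: The new `case SIGSYS:` branch reports the event with `DEBUG`, so a seccomp kill of the container's init is dropped at any log level above debug, which is the setting most deployments run with when someone later has to triage the exit. I would log it at a level that survives the default configuration, e.g. `ERROR("Container init was killed by SIGSYS (seccomp policy violation)");`, assuming the same log macro family as `DEBUG` is in scope here. SIGSYS can also reach init by means other than a filter, so the message is better worded as what was observed than as a certain policy violation. The inline comment could carry the limit the commit message states: `/* seccomp kill of init; violations by other tasks are not visible here */`. The switch and `__lxc_start` both begin and end outside this hunk.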