mirror of
https://git.proxmox.com/git/mirror_lxc
synced 2025-07-27 12:37:35 +00:00
Catch seccomp violations by init
Note that if a task other than init violates the seccomp policy, we cannot catch that. Init will catch it and (if it feels like it) log it. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This commit is contained in:
parent
642d1ccd98
commit
c2b9bd9e81
@ -1050,6 +1050,9 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
|
|||||||
DEBUG("Container rebooting");
|
DEBUG("Container rebooting");
|
||||||
handler->conf->reboot = 1;
|
handler->conf->reboot = 1;
|
||||||
break;
|
break;
|
||||||
|
case SIGSYS: /* seccomp */
|
||||||
|
DEBUG("Container violated its seccomp policy");
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
DEBUG("unknown exit status for init: %d", WTERMSIG(status));
|
DEBUG("unknown exit status for init: %d", WTERMSIG(status));
|
||||||
break;
|
break;
|
||||||
|
Loading…
Reference in New Issue
Block a user