seccomp: parse_config_v1()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner 2018-05-24 13:35:01 +02:00
parent 5fdc4e77a6
commit ccf8d128e4
No known key found for this signature in database
GPG Key ID: 8EB056D53EECB12D


@ -23,9 +23,9 @@
#define _GNU_SOURCE #define _GNU_SOURCE
#include <errno.h> #include <errno.h>
#include <seccomp.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <seccomp.h>
#include <sys/mount.h> #include <sys/mount.h>
#include <sys/utsname.h> #include <sys/utsname.h>
@ -38,25 +38,30 @@ lxc_log_define(lxc_seccomp, lxc);
static int parse_config_v1(FILE *f, struct lxc_conf *conf) static int parse_config_v1(FILE *f, struct lxc_conf *conf)
{ {
char line[1024]; int ret = 0;
int ret; size_t line_bufsz = 0;
char *line = NULL;
while (fgets(line, 1024, f)) { while (getline(&line, &line_bufsz, f) != -1) {
int nr; int nr;
ret = sscanf(line, "%d", &nr); ret = sscanf(line, "%d", &nr);
if (ret != 1) if (ret != 1)
return -1; return -1;
ret = seccomp_rule_add(
#if HAVE_SCMP_FILTER_CTX #if HAVE_SCMP_FILTER_CTX
conf->seccomp_ctx, ret = seccomp_rule_add(conf->seccomp_ctx, SCMP_ACT_ALLOW, nr, 0);
#else
ret = seccomp_rule_add(SCMP_ACT_ALLOW, nr, 0);
#endif #endif
SCMP_ACT_ALLOW, nr, 0);
if (ret < 0) { if (ret < 0) {
ERROR("Failed loading allow rule for %d", nr); ERROR("Failed loading allow rule for %d", nr);
return ret; break;
} }
} }
return 0; free(line);
return ret;
} }
#if HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH #if HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH
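Review bot: The early `return -1;` after the `sscanf()` check in parse_config_v1() now leaks `line`, because `getline()` allocates the buffer and only the path that reaches `free(line)` at the end of the function releases it. Setting the error and leaving the loop keeps a single exit: `if (ret != 1) { ret = -1; break; }`. Separately, `sscanf(line, "%d", &nr)` accepts a line where a number is followed by other text and does not detect out-of-range values, so a malformed entry in the allowlist becomes an allow rule instead of being rejected; `strtol()` with an end-pointer and `errno` check would make the v1 parser strict. A short comment on the loop would also help, noting that `getline()` returning -1 covers both end of file and a read error, so a failed read currently ends with whatever rules were loaded so far.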