attach: call lxc_container_new() earlier

We will reuse the newly initialized container for PR_SET_NO_NEW_PRIVS.

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
Christian Brauner 2016-09-02 18:39:11 +02:00
parent 1325da7eae
commit ff07d7bb5a
GPG Key ID: 8EB056D53EECB12D


@ -657,8 +657,8 @@ static int attach_child_main(void* data);
/* define default options if no options are supplied by the user */
static lxc_attach_options_t attach_static_default_options = LXC_ATTACH_OPTIONS_DEFAULT;
static bool fetch_seccomp(const char *name, const char *lxcpath,
struct lxc_proc_context_info *i, lxc_attach_options_t *options)
static bool fetch_seccomp(struct lxc_proc_context_info *i,
lxc_attach_options_t *options)
{
struct lxc_container *c;
char *path;
@ -666,10 +666,7 @@ static bool fetch_seccomp(const char *name, const char *lxcpath,
if (!(options->namespaces & CLONE_NEWNS) || !(options->attach_flags & LXC_ATTACH_LSM))
return true;
c = lxc_container_new(name, lxcpath);
if (!c)
return false;
i->container = c;
c = i->container;
/* Initialize an empty lxc_conf */
if (!c->set_config_item(c, "lxc.seccomp", "")) {
@ -744,7 +741,11 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
}
init_ctx->personality = personality;
if (!fetch_seccomp(name, lxcpath, init_ctx, options))
init_ctx->container = lxc_container_new(name, lxcpath);
if (!init_ctx->container)
return -1;
if (!fetch_seccomp(init_ctx, options))
WARN("Failed to get seccomp policy");
cwd = getcwd(NULL, 0);
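Review bot: The new early exit in lxc_attach(), `if (!init_ctx->container) return -1;`, returns without releasing init_ctx and without logging why the attach failed. init_ctx appears to be obtained earlier in the function, outside this hunk, so that should be confirmed against the full body. If so, the branch should read `ERROR("Failed to create container object");` then `lxc_proc_put_context_info(init_ctx);` before `return -1;`. The change also makes a failed lxc_container_new() fatal for every attach, while a failed fetch_seccomp() still only emits `WARN("Failed to get seccomp policy")` and the attach continues without the container's seccomp policy. A short comment above that call, such as `/* best effort: attach proceeds unfiltered if the policy cannot be fetched */`, would make the fail-open choice explicit for reviewers.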