author | Lennart Poettering <lennart@poettering.net> | 2019-04-29 12:04:55 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2019-05-24 10:48:28 +0200 |
commit | f9a3d8e2f3063beb07d72a931c75794786280b3e (patch) | |
tree | 5595a158da3a0963083666ef93940b559a125f0b /src/nspawn | |
parent | 7bbc229cf7539b70d0b3d89a567176f48ec7b583 (diff) | |
nspawn: expose the new seccomp actions in the OCI logic
Diffstat (limited to 'src/nspawn')
-rw-r--r-- | src/nspawn/nspawn-oci.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/nspawn/nspawn-oci.c b/src/nspawn/nspawn-oci.c
index 97323f31dd..b00ff289a6 100644
--- a/src/nspawn/nspawn-oci.c
+++ b/src/nspawn/nspawn-oci.c
@@ -1656,13 +1656,19 @@ static int oci_seccomp_action_from_string(const char *name, uint32_t *ret) {
 const char *name;
 uint32_t action;
 } table[] = {
- { "SCMP_ACT_ALLOW", SCMP_ACT_ALLOW },
- { "SCMP_ACT_ERRNO", SCMP_ACT_ERRNO(EPERM) }, /* the OCI spec doesn't document the error, but it appears EPERM is supposed to be used */
- { "SCMP_ACT_KILL", SCMP_ACT_KILL },
+ { "SCMP_ACT_ALLOW", SCMP_ACT_ALLOW },
+ { "SCMP_ACT_ERRNO", SCMP_ACT_ERRNO(EPERM) }, /* the OCI spec doesn't document the error, but it appears EPERM is supposed to be used */
+ { "SCMP_ACT_KILL", SCMP_ACT_KILL },
+#ifdef SCMP_ACT_KILL_PROCESS
+ { "SCMP_ACT_KILL_PROCESS", SCMP_ACT_KILL_PROCESS },
+#endif
+#ifdef SCMP_ACT_KILL_THREAD
+ { "SCMP_ACT_KILL_THREAD", SCMP_ACT_KILL_THREAD },
+#endif
 #ifdef SCMP_ACT_LOG
- { "SCMP_ACT_LOG", SCMP_ACT_LOG },
+ { "SCMP_ACT_LOG", SCMP_ACT_LOG },
 #endif
- { "SCMP_ACT_TRAP", SCMP_ACT_TRAP },
+ { "SCMP_ACT_TRAP", SCMP_ACT_TRAP },
 /* We don't support SCMP_ACT_TRACE because that requires a tracer, and that doesn't really make sense
 * here */ |
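Review bot: The new `#ifdef SCMP_ACT_KILL_PROCESS` and `#ifdef SCMP_ACT_KILL_THREAD` entries drop out silently when the build's libseccomp headers lack those macros, so the same OCI seccomp profile is accepted by one build and rejected by another; a table comment would make that explicit, e.g. `/* only with newer libseccomp; otherwise the name is unknown and parsing must fail rather than fall back to a weaker action */`. The lookup loop and its failure path lie outside this hunk, so it is worth confirming that an unmatched name returns an error and never a default action. It would also help to note beside `SCMP_ACT_KILL` that it keeps thread-kill semantics (as far as I know libseccomp defines it as the same action as `SCMP_ACT_KILL_THREAD`), so a profile that wants the whole process terminated has to name `SCMP_ACT_KILL_PROCESS`.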