Add loongarch64 seccomp support

2024-06-15 10:30:35 +08:00 · 2024-06-15 10:30:35 +08:00 · 1cc08b4ce3
commit 1cc08b4ce3
parent d7cfd6678b
2 changed files with 97 additions and 1 deletions
--- a/0003-add-loongarch64-seccomp-support.patch
+++ b/0003-add-loongarch64-seccomp-support.patch
@ -0,0 +1,91 @@
 diff --git a/oci/fixtures/default.json b/oci/fixtures/default.json
 index 8d4d211..b63bfc9 100644
 --- a/oci/fixtures/default.json
 +++ b/oci/fixtures/default.json
@@ -47,6 +47,10 @@
 			"subArchitectures": [
 				"SCMP_ARCH_S390"
 			]
 +		},
 +		{
 +			"architecture": "SCMP_ARCH_LOONGARCH64",
 +			"subArchitectures": null
 		}
 	],
 	"syscalls": [
@@ -810,4 +814,4 @@
 			"excludes": {}
 		}
 	]
 -}
 \ No newline at end of file
 +}
 diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
 index c4d9110..3501693 100644
 --- a/profiles/seccomp/default.json
 +++ b/profiles/seccomp/default.json
@@ -52,6 +52,10 @@
 		{
 			"architecture": "SCMP_ARCH_RISCV64",
 			"subArchitectures": null
 +		},
 +		{
 +			"architecture": "SCMP_ARCH_LOONGARCH64",
 +			"subArchitectures": null
 		}
 	],
 	"syscalls": [
@@ -830,4 +834,4 @@
 			}
 		}
 	]
 -}
 \ No newline at end of file
 +}
 diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go
 index 09fb337..3834bab 100644
 --- a/profiles/seccomp/default_linux.go
 +++ b/profiles/seccomp/default_linux.go
@@ -38,6 +38,10 @@ func arches() []Architecture {
 		{
 			Arch:      specs.ArchRISCV64,
 			SubArches: nil,
 +		},
 +				{
 +			Arch:      specs.ArchLOONGARCH64,
 +			SubArches: nil,
 		},
 	}
 }
 diff --git a/profiles/seccomp/seccomp_linux.go b/profiles/seccomp/seccomp_linux.go
 index 4d8fed6..9eb0741 100644
 --- a/profiles/seccomp/seccomp_linux.go
 +++ b/profiles/seccomp/seccomp_linux.go
@@ -41,6 +41,7 @@ var nativeToSeccomp = map[string]specs.Arch{
 	"ppc64le":     specs.ArchPPC64LE,
 	"s390":        specs.ArchS390,
 	"s390x":       specs.ArchS390X,
 +	"loong64":     specs.ArchLOONGARCH64,
 }
 // GOARCH => libseccomp string
@@ -59,6 +60,7 @@ var goToNative = map[string]string{
 	"ppc64le":     "ppc64le",
 	"s390":        "s390",
 	"s390x":       "s390x",
 +	"loong64":     "loong64",
 }
 // inSlice tests whether a string is contained in a slice of strings or not.
 diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
 index 4e7717d..96e04af 100644
 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
 +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
@@ -741,6 +741,7 @@ const (
 	ArchPARISC      Arch = "SCMP_ARCH_PARISC"
 	ArchPARISC64    Arch = "SCMP_ARCH_PARISC64"
 	ArchRISCV64     Arch = "SCMP_ARCH_RISCV64"
 +	ArchLOONGARCH64 Arch = "SCMP_ARCH_LOONGARCH64"
 )
 // LinuxSeccompAction taken upon Seccomp rule match
--- a/moby.spec
+++ b/moby.spec
@ -7,7 +7,7 @@
 Name: 	  moby
 Version:  25.0.3
-Release:  5
+Release:  6
 Summary:  The open-source application container engine
 License:  ASL 2.0
 URL:	  https://www.docker.com
@ -22,6 +22,7 @@ Source4:  docker.socket
 Source5:  docker.sysconfig
 Patch0000:  0001-fix-cve-2024-29018.patch
 Patch0001:  0002-fix-cve-2024-32473.patch
 Patch0002:  0003-add-loongarch64-seccomp-support.patch
 Requires: %{name}-engine = %{version}-%{release}
@ -91,6 +92,7 @@ Docker client binary and related utilities
 %setup -q -T -n %{_source_engine} -b 1
 %patch0000 -p1
 %patch0001 -p1
 %patch0002 -p1
 %setup -q -T -n %{_source_docker_init} -b 2
 %build
@ -192,6 +194,9 @@ fi
 %systemd_postun_with_restart docker.service
 %changelog
 * Fri Jun 14 2024 zhaixiaojuan<zhaixiaojuan@loongson.cn> - 25.0.3-6
 - DESC:add loongarch64 seccomp support
 * Tue May 14 2024 wanglimin<wanglimin@xfusion.com> - 25.0.3-5
 - DESC:clean dependency between engine and cli