!59 Add loongarch64 seccomp support

From: @zhaixiaojuan Reviewed-by: @xu_lei_123 Signed-off-by: @xu_lei_123
2024-06-15 03:26:54 +00:00 · 2024-06-15 03:26:54 +00:00 · fded28337b
commit fded28337b
parent d7cfd6678b 1cc08b4ce3
2 changed files with 97 additions and 1 deletions
--- a/0003-add-loongarch64-seccomp-support.patch
+++ b/0003-add-loongarch64-seccomp-support.patch
@ -0,0 +1,91 @@
+diff --git a/oci/fixtures/default.json b/oci/fixtures/default.json
+index 8d4d211..b63bfc9 100644
+--- a/oci/fixtures/default.json
+++ b/oci/fixtures/default.json
+@@ -47,6 +47,10 @@
+ 			"subArchitectures": [
+ 				"SCMP_ARCH_S390"
+ 			]
+		},
+		{
+			"architecture": "SCMP_ARCH_LOONGARCH64",
+			"subArchitectures": null
+ 		}
+ 	],
+ 	"syscalls": [
+@@ -810,4 +814,4 @@
+ 			"excludes": {}
+ 		}
+ 	]
+-}
+\ No newline at end of file
+}
+diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
+index c4d9110..3501693 100644
+--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
+@@ -52,6 +52,10 @@
+ 		{
+ 			"architecture": "SCMP_ARCH_RISCV64",
+ 			"subArchitectures": null
+		},
+		{
+			"architecture": "SCMP_ARCH_LOONGARCH64",
+			"subArchitectures": null
+ 		}
+ 	],
+ 	"syscalls": [
+@@ -830,4 +834,4 @@
+ 			}
+ 		}
+ 	]
+-}
+\ No newline at end of file
+}
+diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go
+index 09fb337..3834bab 100644
+--- a/profiles/seccomp/default_linux.go
+++ b/profiles/seccomp/default_linux.go
+@@ -38,6 +38,10 @@ func arches() []Architecture {
+ 		{
+ 			Arch:      specs.ArchRISCV64,
+ 			SubArches: nil,
+		},
+				{
+			Arch:      specs.ArchLOONGARCH64,
+			SubArches: nil,
+ 		},
+ 	}
+ }
+diff --git a/profiles/seccomp/seccomp_linux.go b/profiles/seccomp/seccomp_linux.go
+index 4d8fed6..9eb0741 100644
+--- a/profiles/seccomp/seccomp_linux.go
+++ b/profiles/seccomp/seccomp_linux.go
+@@ -41,6 +41,7 @@ var nativeToSeccomp = map[string]specs.Arch{
+ 	"ppc64le":     specs.ArchPPC64LE,
+ 	"s390":        specs.ArchS390,
+ 	"s390x":       specs.ArchS390X,
+	"loong64":     specs.ArchLOONGARCH64,
+ }
+ 
+ // GOARCH => libseccomp string
+@@ -59,6 +60,7 @@ var goToNative = map[string]string{
+ 	"ppc64le":     "ppc64le",
+ 	"s390":        "s390",
+ 	"s390x":       "s390x",
+	"loong64":     "loong64",
+ }
+ 
+ // inSlice tests whether a string is contained in a slice of strings or not.
+diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+index 4e7717d..96e04af 100644
+--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+@@ -741,6 +741,7 @@ const (
+ 	ArchPARISC      Arch = "SCMP_ARCH_PARISC"
+ 	ArchPARISC64    Arch = "SCMP_ARCH_PARISC64"
+ 	ArchRISCV64     Arch = "SCMP_ARCH_RISCV64"
+	ArchLOONGARCH64 Arch = "SCMP_ARCH_LOONGARCH64"
+ )
+ 
+ // LinuxSeccompAction taken upon Seccomp rule match
--- a/moby.spec
+++ b/moby.spec
@ -7,7 +7,7 @@

 Name: 	  moby
 Version:  25.0.3
-Release:  5
+Release:  6
 Summary:  The open-source application container engine
 License:  ASL 2.0
 URL:	  https://www.docker.com
@ -22,6 +22,7 @@ Source4:  docker.socket
 Source5:  docker.sysconfig
 Patch0000:  0001-fix-cve-2024-29018.patch
 Patch0001:  0002-fix-cve-2024-32473.patch
+Patch0002:  0003-add-loongarch64-seccomp-support.patch


 Requires: %{name}-engine = %{version}-%{release}
@ -91,6 +92,7 @@ Docker client binary and related utilities
 %setup -q -T -n %{_source_engine} -b 1
 %patch0000 -p1
 %patch0001 -p1
+%patch0002 -p1
 %setup -q -T -n %{_source_docker_init} -b 2

 %build
@ -192,6 +194,9 @@ fi
 %systemd_postun_with_restart docker.service

 %changelog
+* Fri Jun 14 2024 zhaixiaojuan<zhaixiaojuan@loongson.cn> - 25.0.3-6
+- DESC:add loongarch64 seccomp support
+
 * Tue May 14 2024 wanglimin<wanglimin@xfusion.com> - 25.0.3-5
 - DESC:clean dependency between engine and cli