runc/patch/0017-runc-support-set-seccomp-priority.patch


2022-10-26 16:13:47 +08:00
From cbb187aee3a309a38a973dee1c1f6d66c1256cf5 Mon Sep 17 00:00:00 2001
From: zhong-jiawei-1 <zhongjiawei1@huawei.com>
Date: Fri, 21 Oct 2022 17:09:33 +0800
Subject: [PATCH] runc: support set seccomp priority
---
runc-1.1.3/libcontainer/configs/config.go | 1 +
runc-1.1.3/libcontainer/seccomp/seccomp_linux.go | 2 +-
runc-1.1.3/libcontainer/specconv/spec_linux.go | 1 +
.../github.com/opencontainers/runtime-spec/specs-go/config.go | 1 +
4 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/runc-1.1.3/libcontainer/configs/config.go b/runc-1.1.3/libcontainer/configs/config.go
index cda79bf..f85ade3 100644
--- a/runc-1.1.3/libcontainer/configs/config.go
+++ b/runc-1.1.3/libcontainer/configs/config.go
@@ -88,6 +88,7 @@ type Syscall struct {
Name string `json:"name"`
Action Action `json:"action"`
ErrnoRet *uint `json:"errnoRet"`
+ Priority uint8 `json:"priority,omitempty"`
Args []*Arg `json:"args"`
}
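Review bot: The added `Priority` field carries no comment, so a reader of the profile format cannot tell its range, its effect, or that an omitted `priority` key leaves it at 0. I would add `// Priority is an ordering hint handed to libseccomp (0-255, higher is placed earlier in the filter); it does not change the rule's action.` above the field. The same field is added to the vendored `LinuxSyscall` in specs-go/config.go, which looks like a local extension rather than an upstream runtime-spec field, so the comment should say so. The `Syscall` struct begins before this hunk.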
diff --git a/runc-1.1.3/libcontainer/seccomp/seccomp_linux.go b/runc-1.1.3/libcontainer/seccomp/seccomp_linux.go
index 8c12af7..e4b5750 100644
--- a/runc-1.1.3/libcontainer/seccomp/seccomp_linux.go
+++ b/runc-1.1.3/libcontainer/seccomp/seccomp_linux.go
@@ -256,7 +256,7 @@ func matchCall(filter *libseccomp.ScmpFilter, call *configs.Syscall, defAct libs
}
}
- return nil
+ return filter.SetSyscallPriority(callNum, call.Priority)
}
// Version returns major, minor, and micro.
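Review bot: The new final return in `matchCall` calls `filter.SetSyscallPriority` for every rule, including rules whose `Priority` is the zero value left by an omitted `priority` key, and it returns the error bare. Priority is only an ordering hint to libseccomp, so a failure here would abort filter setup for profiles that never asked for it, and the message would not name the syscall. I would make the call only for a non-zero priority and wrap the error with `call.Name`, as below, assuming `fmt` is already imported in this file. The body of `matchCall` starts before this hunk, so its earlier return paths were not checked.

```go
// … unchanged: rule construction above …
if call.Priority != 0 {
	if err := filter.SetSyscallPriority(callNum, call.Priority); err != nil {
		return fmt.Errorf("error setting seccomp priority for syscall %s: %w", call.Name, err)
	}
}
return nil
```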
diff --git a/runc-1.1.3/libcontainer/specconv/spec_linux.go b/runc-1.1.3/libcontainer/specconv/spec_linux.go
index 19dd947..02a7439 100644
--- a/runc-1.1.3/libcontainer/specconv/spec_linux.go
+++ b/runc-1.1.3/libcontainer/specconv/spec_linux.go
@@ -1061,6 +1061,7 @@ func SetupSeccomp(config *specs.LinuxSeccomp) (*configs.Seccomp, error) {
Name: name,
Action: newAction,
ErrnoRet: call.ErrnoRet,
+ Priority: call.Priority,
Args: []*configs.Arg{},
}
// Loop through all the arguments of the syscall and convert them
diff --git a/runc-1.1.3/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/runc-1.1.3/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
index e8143b2..135f74a 100644
--- a/runc-1.1.3/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+++ b/runc-1.1.3/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
@@ -688,6 +688,7 @@ type LinuxSyscall struct {
Names []string `json:"names"`
Action LinuxSeccompAction `json:"action"`
ErrnoRet *uint `json:"errnoRet,omitempty"`
+ Priority uint8 `json:"priority,omitempty"`
Args []LinuxSeccompArg `json:"args,omitempty"`
}
--
2.30.0