From 3e1db51b4dc547a7c9bfd251357e2661dc773952 Mon Sep 17 00:00:00 2001
From: zhongjiawei
Date: Mon, 24 Jul 2023 19:39:28 +0800
Subject: [PATCH] runc: support set seccomp priority
---
 libcontainer/configs/config.go | 1 +
 libcontainer/seccomp/seccomp_linux.go | 2 +-
 libcontainer/specconv/spec_linux.go | 1 +
 .../github.com/opencontainers/runtime-spec/specs-go/config.go | 1 +
 4 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go
index 7bf83b9..00bf5b0 100644
--- a/libcontainer/configs/config.go
+++ b/libcontainer/configs/config.go
@@ -88,6 +88,7 @@ type Syscall struct {
 Name string `json:"name"`
 Action Action `json:"action"`
 ErrnoRet *uint `json:"errnoRet"`
+ Priority uint8 `json:"priority,omitempty"`
 Args []*Arg `json:"args"`
 }
 
diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go
index 8c12af7..e4b5750 100644
--- a/libcontainer/seccomp/seccomp_linux.go
+++ b/libcontainer/seccomp/seccomp_linux.go
@@ -256,7 +256,7 @@ func matchCall(filter *libseccomp.ScmpFilter, call *configs.Syscall, defAct libs
 }
 }
 
- return nil
+ return filter.SetSyscallPriority(callNum, call.Priority)
 }
 
 // Version returns major, minor, and micro.
diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
index 7ee81ca..0c55cd6 100644
--- a/libcontainer/specconv/spec_linux.go
+++ b/libcontainer/specconv/spec_linux.go
@@ -1062,6 +1062,7 @@ func SetupSeccomp(config *specs.LinuxSeccomp) (*configs.Seccomp, error) {
 Name: name,
 Action: newAction,
 ErrnoRet: call.ErrnoRet,
+ Priority: call.Priority,
 Args: []*configs.Arg{},
 }
 // Loop through all the arguments of the syscall and convert them
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
index e8143b2..135f74a 100644
--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
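Review bot: The new `Priority` field added to `Syscall` in the config.go hunk carries no doc comment, and nothing on the struct says what range it takes or whether it can change the verdict of a rule, which is the first question a profile reviewer will ask. The value is handed to libseccomp's SetSyscallPriority (seccomp_linux.go hunk of this same patch), which is only an ordering hint for the generated BPF and does not alter the action taken, so that should be stated on the field: `// Priority is a libseccomp priority hint (0-255) for this syscall's rules; it only affects rule ordering in the generated filter, never the action taken.`. The `omitempty` tag is reasonable because 0 is libseccomp's default, but it differs from the neighbouring `errnoRet` tag, so a word on that in the same comment would help.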
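Review bot: In the seccomp_linux.go hunk the replaced `return nil` now calls `filter.SetSyscallPriority` for every syscall rule, including the default `Priority` of 0, so every existing profile pays an extra libseccomp call per syscall and any error that call returns now fails a profile that never asked for a priority. The result is also returned bare, whereas the rest of matchCall (its body starts above the hunk) appears to wrap libseccomp errors with the syscall name, so a container-start failure from this line would not say which syscall was involved. Guarding on a non-zero priority keeps existing profiles behaviourally identical, and wrapping the error keeps the diagnostics consistent; since the priority is only an ordering hint for the generated filter, skipping the call for 0 loses nothing.
```go
	// … unchanged: rule-adding branches above …
	// Priority is an ordering hint only; 0 is libseccomp's default, so skip
	// the call (and any error it could return) for profiles that do not set it.
	if call.Priority != 0 {
		if err := filter.SetSyscallPriority(callNum, call.Priority); err != nil {
			return fmt.Errorf("error setting seccomp priority for syscall %s: %w", call.Name, err)
		}
	}
	return nil
}
```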
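Review bot: In the spec_linux.go hunk, `Priority: call.Priority` reads a field that this same patch adds to the vendored runtime-spec copy (the fourth file in the diffstat), so the line depends on a local modification of a vendored package rather than on the upstream OCI `LinuxSyscall` type. A later `go mod vendor` or spec bump would drop that field and break the build here, with nothing at the use site explaining why; a short comment would prevent the surprise, e.g. `// Priority is a local extension to the vendored runtime-spec LinuxSyscall; re-apply the vendor patch when updating the spec.`. SetupSeccomp's body begins and ends outside the hunk.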
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
@@ -688,6 +688,7 @@ type LinuxSyscall struct {
 Names []string `json:"names"`
 Action LinuxSeccompAction `json:"action"`
 ErrnoRet *uint `json:"errnoRet,omitempty"`
+ Priority uint8 `json:"priority,omitempty"`
 Args []LinuxSeccompArg `json:"args,omitempty"`
 }
 
-- 
2.33.0