From 3e1db51b4dc547a7c9bfd251357e2661dc773952 Mon Sep 17 00:00:00 2001
From: zhongjiawei <zhongjiawei1@huawei.com>
Date: Mon, 24 Jul 2023 19:39:28 +0800
Subject: [PATCH] runc: support set seccomp priority
---
libcontainer/configs/config.go | 1 +
libcontainer/seccomp/seccomp_linux.go | 2 +-
libcontainer/specconv/spec_linux.go | 1 +
.../github.com/opencontainers/runtime-spec/specs-go/config.go | 1 +
4 files changed, 4 insertions(+), 1 deletion(-)
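diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go
index 7bf83b9..00bf5b0 100644
--- a/libcontainer/configs/config.go
+++ b/libcontainer/configs/config.go
@@ -88,6 +88,7 @@ type Syscall struct {
 Name string `json:"name"`
 Action Action `json:"action"`
 ErrnoRet *uint `json:"errnoRet"`
+ Priority uint8 `json:"priority,omitempty"`
 Args []*Arg `json:"args"`
 }
 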
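Review bot: The new `Priority` field on `Syscall` has no comment, and its meaning is not obvious from the name alone. The seccomp_linux.go section of this patch passes it to `SetSyscallPriority`, where libseccomp treats 0-255 as an ordering hint with higher values placed earlier in the generated filter. I would add `// Priority is the libseccomp ordering hint for this syscall (0-255, higher is checked earlier); 0 leaves the default.` above the field. It is also the only field in the visible part of the struct tagged `omitempty`, which deserves a word if that is intentional. The struct declaration starts outside the hunk.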
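diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go
index 8c12af7..e4b5750 100644
--- a/libcontainer/seccomp/seccomp_linux.go
+++ b/libcontainer/seccomp/seccomp_linux.go
@@ -256,7 +256,7 @@ func matchCall(filter *libseccomp.ScmpFilter, call *configs.Syscall, defAct libs
 }
 }
 
- return nil
+ return filter.SetSyscallPriority(callNum, call.Priority)
 }
 
 // Version returns major, minor, and micro.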
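Review bot: The new final statement of matchCall calls `filter.SetSyscallPriority(callNum, call.Priority)` for every rule that reaches it, including rules whose `Priority` is 0 because the profile never set one. Any libseccomp error from that call now aborts filter setup even for profiles that do not use the feature. Guarding it with `if call.Priority == 0 { return nil }` would keep the previous behaviour for existing profiles, assuming 0 is also libseccomp's default priority. The error is returned without naming the syscall; wrapping it with `call.Name` would make a failed container start diagnosable. Only the tail of matchCall is inside the hunk, so whether earlier return paths already skip this call cannot be confirmed from here.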
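diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
index 7ee81ca..0c55cd6 100644
--- a/libcontainer/specconv/spec_linux.go
+++ b/libcontainer/specconv/spec_linux.go
@@ -1062,6 +1062,7 @@ func SetupSeccomp(config *specs.LinuxSeccomp) (*configs.Seccomp, error) {
 Name: name,
 Action: newAction,
 ErrnoRet: call.ErrnoRet,
+ Priority: call.Priority,
 Args: []*configs.Arg{},
 }
 // Loop through all the arguments of the syscall and convert them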
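Review bot: `Priority: call.Priority` reads a field that exists on the spec type only because this same patch edits the vendored `specs-go/config.go`. Re-vendoring runtime-spec would drop that field and break this line, so the local divergence should be recorded next to it, for example `// Priority is a local extension of the vendored runtime-spec type; keep it when re-vendoring.`. The value is copied unchanged into each entry built with `Name: name`, so a single `priority` in the profile appears to apply to every name in the rule. A short comment saying that it is an ordering hint and does not change the rule's action would stop readers from treating it as a security decision. SetupSeccomp's body starts and continues outside the hunk.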
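diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
index e8143b2..135f74a 100644
--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
@@ -688,6 +688,7 @@ type LinuxSyscall struct {
 Names []string `json:"names"`
 Action LinuxSeccompAction `json:"action"`
 ErrnoRet *uint `json:"errnoRet,omitempty"`
+ Priority uint8 `json:"priority,omitempty"`
 Args []LinuxSeccompArg `json:"args,omitempty"`
 }
 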
--
2.33.0