Quoting Bogdan Purcareata (bogdan.purcare...@freescale.com): > Enable aarch64 seccomp support for LXC containers running on ARM64 > architectures. Tested with libseccomp 2.2.0 and the default seccomp > policy example files delivered with the LXC package. > > Signed-off-by: Bogdan Purcareata <bogdan.purcare...@freescale.com>
Looks good, thanks. Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com> (BTW https://github.com/lxc/lxc/issues/571 points to some bugs in the current lxc seccomp code, if you have time to look at that that would be greatly appreciated) > --- > src/lxc/seccomp.c | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c > index 6e61766..27f0ba9 100644 > --- a/src/lxc/seccomp.c > +++ b/src/lxc/seccomp.c > @@ -120,6 +120,7 @@ enum lxc_hostarch_t { > lxc_seccomp_arch_i386, > lxc_seccomp_arch_amd64, > lxc_seccomp_arch_arm, > + lxc_seccomp_arch_arm64, > lxc_seccomp_arch_ppc64, > lxc_seccomp_arch_ppc64le, > lxc_seccomp_arch_ppc, > @@ -139,6 +140,8 @@ int get_hostarch(void) > return lxc_seccomp_arch_amd64; > else if (strncmp(uts.machine, "armv7", 5) == 0) > return lxc_seccomp_arch_arm; > + else if (strncmp(uts.machine, "aarch64", 7) == 0) > + return lxc_seccomp_arch_arm64; > else if (strncmp(uts.machine, "ppc64le", 7) == 0) > return lxc_seccomp_arch_ppc64le; > else if (strncmp(uts.machine, "ppc64", 5) == 0) > @@ -158,6 +161,9 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch, > uint32_t default_policy_ > case lxc_seccomp_arch_i386: arch = SCMP_ARCH_X86; break; > case lxc_seccomp_arch_amd64: arch = SCMP_ARCH_X86_64; break; > case lxc_seccomp_arch_arm: arch = SCMP_ARCH_ARM; break; > +#ifdef SCMP_ARCH_AARCH64 > + case lxc_seccomp_arch_arm64: arch = SCMP_ARCH_AARCH64; break; > +#endif > #ifdef SCMP_ARCH_PPC64LE > case lxc_seccomp_arch_ppc64le: arch = SCMP_ARCH_PPC64LE; break; > #endif > @@ -348,6 +354,16 @@ static int parse_config_v2(FILE *f, char *line, struct > lxc_conf *conf) > cur_rule_arch = lxc_seccomp_arch_arm; > } > #endif > +#ifdef SCMP_ARCH_AARCH64 > + else if (strcmp(line, "[arm64]") == 0 || > + strcmp(line, "[ARM64]") == 0) { > + if (native_arch != lxc_seccomp_arch_arm64) { > + cur_rule_arch = > lxc_seccomp_arch_unknown; > + continue; > + } > + cur_rule_arch = lxc_seccomp_arch_arm64; > + } > +#endif > #ifdef SCMP_ARCH_PPC64LE > else if (strcmp(line, "[ppc64le]") == 0 || > strcmp(line, "[PPC64LE]") == 0) { > -- > 1.9.1 > > _______________________________________________ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel _______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
