[lxc-devel] [lxd/master] seccomp: improve bpf support detection

Tue, 22 Sep 2020 03:17:41 -0700 

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7912

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>

From cbad2635672f8d91e0f09a2ae7c000e7c3c0bb27 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@ubuntu.com>
Date: Tue, 22 Sep 2020 12:14:32 +0200
Subject: [PATCH 1/2] seccomp: fix bpf support detection

Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
---
 lxd/seccomp/seccomp.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/seccomp/seccomp.go b/lxd/seccomp/seccomp.go
index 2ac72d7b08..8f61a116ce 100644
--- a/lxd/seccomp/seccomp.go
+++ b/lxd/seccomp/seccomp.go
@@ -265,7 +265,7 @@ static void prepare_seccomp_iovec(struct iovec *iov,
 // bpf.h similar to what we do for seccomp itself. But that's annoying since 
bpf.h is quite
 // large. So users that want bpf interception support should make sure to have 
the relevant
 // header available at build time.
-#ifndef BPF_DEVCG_DEV_CHAR
+#ifdef BPF_DEVCG_DEV_CHAR
 static inline int pidfd_getfd(int pidfd, int fd, int flags)
 {
        return syscall(__NR_pidfd_getfd, pidfd, fd, flags);

From d387805be00fc51b03478e9a35948c029945ffaf Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@ubuntu.com>
Date: Tue, 22 Sep 2020 12:14:55 +0200
Subject: [PATCH 2/2] seccomp: improve bpf support detection

Newer kernels have turned BPF_DEVCG_DEV_CHAR from a define into enum. Enums
can't be detected at compile time with go so switch to BPF_F_ALLOW_MULTI as
indicator whether bpf is fully supported on this kernel.
If they turn that into an enum to at some point we'll just "vendor" bpf the
same way we vendor seccomp.

Closes: #7909
Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
---
 lxd/seccomp/seccomp.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/seccomp/seccomp.go b/lxd/seccomp/seccomp.go
index 8f61a116ce..e46b99573e 100644
--- a/lxd/seccomp/seccomp.go
+++ b/lxd/seccomp/seccomp.go
@@ -265,7 +265,7 @@ static void prepare_seccomp_iovec(struct iovec *iov,
 // bpf.h similar to what we do for seccomp itself. But that's annoying since 
bpf.h is quite
 // large. So users that want bpf interception support should make sure to have 
the relevant
 // header available at build time.
-#ifdef BPF_DEVCG_DEV_CHAR
+#ifdef BPF_F_ALLOW_MULTI
 static inline int pidfd_getfd(int pidfd, int fd, int flags)
 {
        return syscall(__NR_pidfd_getfd, pidfd, fd, flags);

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Reply via email to