The following pull request was submitted through GitHub. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7912

This e-mail was sent by the LXC bot; direct replies will not reach the author unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
From cbad2635672f8d91e0f09a2ae7c000e7c3c0bb27 Mon Sep 17 00:00:00 2001 From: Christian Brauner <christian.brau...@ubuntu.com> Date: Tue, 22 Sep 2020 12:14:32 +0200 Subject: [PATCH 1/2] seccomp: fix bpf support detection Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> --- lxd/seccomp/seccomp.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxd/seccomp/seccomp.go b/lxd/seccomp/seccomp.go index 2ac72d7b08..8f61a116ce 100644 --- a/lxd/seccomp/seccomp.go +++ b/lxd/seccomp/seccomp.go @@ -265,7 +265,7 @@ static void prepare_seccomp_iovec(struct iovec *iov, // bpf.h similar to what we do for seccomp itself. But that's annoying since bpf.h is quite // large. So users that want bpf interception support should make sure to have the relevant // header available at build time. -#ifndef BPF_DEVCG_DEV_CHAR +#ifdef BPF_DEVCG_DEV_CHAR static inline int pidfd_getfd(int pidfd, int fd, int flags) { return syscall(__NR_pidfd_getfd, pidfd, fd, flags); From d387805be00fc51b03478e9a35948c029945ffaf Mon Sep 17 00:00:00 2001 From: Christian Brauner <christian.brau...@ubuntu.com> Date: Tue, 22 Sep 2020 12:14:55 +0200 Subject: [PATCH 2/2] seccomp: improve bpf support detection Newer kernels have turned BPF_DEVCG_DEV_CHAR from a define into enum. Enums can't be detected at compile time with go so switch to BPF_F_ALLOW_MULTI as indicator whether bpf is fully supported on this kernel. If they turn that into an enum to at some point we'll just "vendor" bpf the same way we vendor seccomp. Closes: #7909 Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> --- lxd/seccomp/seccomp.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxd/seccomp/seccomp.go b/lxd/seccomp/seccomp.go index 8f61a116ce..e46b99573e 100644 --- a/lxd/seccomp/seccomp.go +++ b/lxd/seccomp/seccomp.go 
@@ -265,7 +265,7 @@ static void prepare_seccomp_iovec(struct iovec *iov, // bpf.h similar to what we do for seccomp itself. But that's annoying since bpf.h is quite // large. So users that want bpf interception support should make sure to have the relevant // header available at build time. -#ifdef BPF_DEVCG_DEV_CHAR +#ifdef BPF_F_ALLOW_MULTI static inline int pidfd_getfd(int pidfd, int fd, int flags) { return syscall(__NR_pidfd_getfd, pidfd, fd, flags);
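Review bot: In [PATCH 1/2], the guard `#ifdef BPF_DEVCG_DEV_CHAR` tests a bpf.h symbol, but the first thing it encloses is the `pidfd_getfd()` wrapper, which depends on `__NR_pidfd_getfd` rather than on anything from bpf.h. With the polarity corrected, this block is now compiled on hosts that have the bpf header, so please confirm that `__NR_pidfd_getfd` is defined on that path (for example by a fallback define earlier in the file) when the installed headers provide the bpf symbol but not the syscall number. The commit message also has only a subject line; one sentence stating that the old `#ifndef` compiled this block only when the symbol was absent would make the fix easier to audit later.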
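Review bot: In [PATCH 2/2], the reason for testing `BPF_F_ALLOW_MULTI` is documented only in the commit message, while the comment directly above the `#ifdef` still talks in general terms about having "the relevant header available at build time". Please extend that comment to say that `BPF_F_ALLOW_MULTI` is used as a stand-in for bpf support because `BPF_DEVCG_DEV_CHAR` became an enum in newer headers and can no longer be detected with `#ifdef`, and that the same will happen if `BPF_F_ALLOW_MULTI` is ever converted. Because a failed detection compiles the block out without any build error, it would also help to note in that comment how a builder can tell which branch was taken.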
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel