Quoting Bogdan Purcareata (bogdan.purcare...@freescale.com):
This patch enables seccomp support for LXC containers running on PowerPC
architectures. It is based on the latest PowerPC support added to libseccomp,
on
the working-ppc64 branch [1].
Libseccomp has been tested on ppc, ppc64 and ppc64le architectures. LXC with
seccomp support has been tested on ppc and ppc64 architectures, using the
default seccomp policy example files delivered with the LXC package.
[1] https://github.com/seccomp/libseccomp/commits/working-ppc64
Signed-off-by: Bogdan Purcareata bogdan.purcare...@freescale.com
Thanks!
There's one problem here though - it won't build on systems
which don't have SCMP_ARCH_PPC64LE etc defined. It looks like
you followed the bad example set by SCMP_ARCH_ARM. Below,
---
src/lxc/seccomp.c | 42 ++
1 file changed, 42 insertions(+)
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 3ba6c9a..0e2310f 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -121,6 +121,9 @@ enum lxc_hostarch_t {
lxc_seccomp_arch_i386,
lxc_seccomp_arch_amd64,
lxc_seccomp_arch_arm,
+ lxc_seccomp_arch_ppc64,
+ lxc_seccomp_arch_ppc64le,
+ lxc_seccomp_arch_ppc,
lxc_seccomp_arch_unknown = 999,
};
@@ -137,6 +140,12 @@ int get_hostarch(void)
return lxc_seccomp_arch_amd64;
else if (strncmp(uts.machine, armv7, 5) == 0)
return lxc_seccomp_arch_arm;
+ else if (strncmp(uts.machine, ppc64le, 7) == 0)
+ return lxc_seccomp_arch_ppc64le;
+ else if (strncmp(uts.machine, ppc64, 5) == 0)
+ return lxc_seccomp_arch_ppc64;
+ else if (strncmp(uts.machine, ppc, 3) == 0)
+ return lxc_seccomp_arch_ppc;
return lxc_seccomp_arch_unknown;
}
@@ -150,6 +159,9 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch,
uint32_t default_policy_
case lxc_seccomp_arch_i386: arch = SCMP_ARCH_X86; break;
case lxc_seccomp_arch_amd64: arch = SCMP_ARCH_X86_64; break;
case lxc_seccomp_arch_arm: arch = SCMP_ARCH_ARM; break;
These should I guess be between #ifdef SCMP_ARCH_PPC64LE etc.
+ case lxc_seccomp_arch_ppc64le: arch = SCMP_ARCH_PPC64LE; break;
+ case lxc_seccomp_arch_ppc64: arch = SCMP_ARCH_PPC64; break;
+ case lxc_seccomp_arch_ppc: arch = SCMP_ARCH_PPC; break;
default: return NULL;
}
@@ -343,6 +355,36 @@ static int parse_config_v2(FILE *f, char *line, struct
lxc_conf *conf)
cur_rule_arch = lxc_seccomp_arch_arm;
}
#endif
+#ifdef SCMP_ARCH_PPC64LE
+ else if (strcmp(line, [ppc64le]) == 0 ||
+ strcmp(line, [PPC64LE]) == 0) {
+ if (native_arch != lxc_seccomp_arch_ppc64le) {
+ cur_rule_arch =
lxc_seccomp_arch_unknown;
+ continue;
+ }
+ cur_rule_arch = lxc_seccomp_arch_ppc64le;
+ }
+#endif
+#ifdef SCMP_ARCH_PPC64
+ else if (strcmp(line, [ppc64]) == 0 ||
+ strcmp(line, [PPC64]) == 0) {
+ if (native_arch != lxc_seccomp_arch_ppc64) {
+ cur_rule_arch =
lxc_seccomp_arch_unknown;
+ continue;
+ }
+ cur_rule_arch = lxc_seccomp_arch_ppc64;
+ }
+#endif
+#ifdef SCMP_ARCH_PPC
+ else if (strcmp(line, [ppc]) == 0 ||
+ strcmp(line, [PPC]) == 0) {
+ if (native_arch != lxc_seccomp_arch_ppc) {
+ cur_rule_arch =
lxc_seccomp_arch_unknown;
+ continue;
+ }
+ cur_rule_arch = lxc_seccomp_arch_ppc;
+ }
+#endif
else
goto bad_arch;
--
2.1.4
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
