Merge pull request #3314 from brauner/2020-03-20/fixes

start: move reading seccomp profile after pre-start hook

Merge pull request #3314 from brauner/2020-03-20/fixes
b3d528ef · Stéphane Graber · GitHub · 00ae4f27 · 2e1361a6 · b3d528ef
Unverified Commit b3d528ef authored Mar 20, 2020 by Stéphane Graber Committed by GitHub Mar 20, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

start.c src/lxc/start.c +5 -5

No files found.
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -737,11 +737,6 @@ int lxc_init(const char *name, struct lxc_handler *handler)
 	lsm_init();
 	TRACE("Initialized LSM");

-	ret = lxc_read_seccomp_config(conf);
-	if (ret < 0)
-		return log_error(-1, "Failed loading seccomp policy");
-	TRACE("Read seccomp policy");
-
 	/* Begin by setting the state to STARTING. */
 	ret = lxc_set_state(name, handler, STARTING);
 	if (ret < 0)
@@ -840,6 +835,11 @@ int lxc_init(const char *name, struct lxc_handler *handler)
 	}
 	TRACE("Initialized cgroup driver");

+	ret = lxc_read_seccomp_config(conf);
+	if (ret < 0)
+		return log_error(-1, "Failed loading seccomp policy");
+	TRACE("Read seccomp policy");
+
 	ret = lsm_process_prepare(conf, handler->lxcpath);
 	if (ret < 0) {
 		ERROR("Failed to initialize LSM");