Skip to content

L
lxc
Unverified Commit b3d528ef by Stéphane Graber Committed by GitHub
Options

Merge pull request #3314 from brauner/2020-03-20/fixes

start: move reading seccomp profile after pre-start hook
parents 00ae4f27 2e1361a6
Showing with 5 additions and 5 deletions
src/lxc/start.c
...@@ -737,11 +737,6 @@ int lxc_init(const char *name, struct lxc_handler *handler) ...@@ -737,11 +737,6 @@ int lxc_init(const char *name, struct lxc_handler *handler)
lsm_init(); lsm_init();
TRACE("Initialized LSM"); TRACE("Initialized LSM");
ret = lxc_read_seccomp_config(conf);
if (ret < 0)
return log_error(-1, "Failed loading seccomp policy");
TRACE("Read seccomp policy");
/* Begin by setting the state to STARTING. */ /* Begin by setting the state to STARTING. */
ret = lxc_set_state(name, handler, STARTING); ret = lxc_set_state(name, handler, STARTING);
if (ret < 0) if (ret < 0)
...@@ -840,6 +835,11 @@ int lxc_init(const char *name, struct lxc_handler *handler) ...@@ -840,6 +835,11 @@ int lxc_init(const char *name, struct lxc_handler *handler)
} }
TRACE("Initialized cgroup driver"); TRACE("Initialized cgroup driver");
ret = lxc_read_seccomp_config(conf);
if (ret < 0)
return log_error(-1, "Failed loading seccomp policy");
TRACE("Read seccomp policy");
ret = lsm_process_prepare(conf, handler->lxcpath); ret = lsm_process_prepare(conf, handler->lxcpath);
if (ret < 0) { if (ret < 0) {
ERROR("Failed to initialize LSM"); ERROR("Failed to initialize LSM");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment