Fix seccomp profile on attach of undefined container

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com>

Fix seccomp profile on attach of undefined container
bd7b4e28 · Stéphane Graber · d86eb75c · bd7b4e28
Commit bd7b4e28 authored Dec 10, 2015 by Stéphane Graber
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 1 deletion

attach.c src/lxc/attach.c +20 -1

No files found.
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -661,6 +661,7 @@ static bool fetch_seccomp(const char *name, const char *lxcpath,
 		struct lxc_proc_context_info *i, lxc_attach_options_t *options)
 {
 	struct lxc_container *c;
+	char *path;
 	if (!(options->namespaces & CLONE_NEWNS) || !(options->attach_flags & LXC_ATTACH_LSM))
 		return true;
@@ -669,8 +670,26 @@ static bool fetch_seccomp(const char *name, const char *lxcpath,
 	if (!c)
 		return false;
 	i->container = c;
-	if (!c->lxc_conf)
+	/* Initialize an empty lxc_conf */
+	if (!c->set_config_item(c, "lxc.seccomp", "")) {
 		return false;
+	}
+	/* Fetch the current profile path over the cmd interface */
+	path = c->get_running_config_item(c, "lxc.seccomp");
+	if (!path) {
+		return true;
+	}
+	/* Copy the value into the new lxc_conf */
+	if (!c->set_config_item(c, "lxc.seccomp", path)) {
+		free(path);
+		return false;
+	}
+	free(path);
+	/* Attempt to parse the resulting config */
 	if (lxc_read_seccomp_config(c->lxc_conf) < 0) {
 		ERROR("Error reading seccomp policy");
 		return false;