Catch seccomp violations by init

Note that if a task other than init violates the seccomp policy, we cannot catch that. Init will catch it and (if it feels like it) log it. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Catch seccomp violations by init
c2b9bd9e · Serge Hallyn · Stéphane Graber · 642d1ccd · c2b9bd9e
Commit c2b9bd9e authored Feb 24, 2014 by Serge Hallyn Committed by Stéphane Graber Feb 24, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

start.c src/lxc/start.c +3 -0

No files found.
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1050,6 +1050,9 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
 			DEBUG("Container rebooting");
 			handler->conf->reboot = 1;
 			break;
+		case SIGSYS: /* seccomp */
+			DEBUG("Container violated its seccomp policy");
+			break;
 		default:
 			DEBUG("unknown exit status for init: %d", WTERMSIG(status));
 			break;