seccomp: keep retrying to reconnect to proxy

If a syscall happens after we already failed to communicate with the proxy, proxy_fd was -1. Before the previous commit we'd then be stuck in the state where there was no proxy registered. With the previous commit we'd send a default reply and only then try to reconnect. Improve this even further by trying to reconnect right at the start. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

seccomp: keep retrying to reconnect to proxy
ed3a98c4 · Wolfgang Bumiller · 1370a882 · ed3a98c4
Commit ed3a98c4 authored Jul 05, 2019 by Wolfgang Bumiller
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 2 deletions

seccomp.c src/lxc/seccomp.c +12 -2

No files found.
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1374,8 +1374,18 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
 	}

 	if (listener_proxy_fd < 0) {
-		ERROR("No seccomp proxy registered");
-		return seccomp_notify_default_answer(fd, req, resp, hdlr);
+		ret = -1;
+		/* Same condition as for the initial setup_proxy() */
+		if (conf->seccomp.notifier.wants_supervision &&
+		    conf->seccomp.notifier.proxy_addr.sun_path[1] != '\0') {
+			ret = seccomp_notify_reconnect(hdlr);
+		}
+		if (ret) {
+			ERROR("No seccomp proxy registered");
+			return seccomp_notify_default_answer(fd, req, resp,
+							     hdlr);
+		}
+		listener_proxy_fd = conf->seccomp.notifier.proxy_fd;
 	}

 	/* remember the ID in case we receive garbage from the proxy */