[pve-devel] [PATCH container 4/4] set lxc.seccomp.notify.cookie to the vmid

Wolfgang Bumiller w.bumiller at proxmox.com
Thu Jan 30 09:27:33 CET 2020


Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
 src/PVE/LXC.pm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index b4d3b7d..cb2531f 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -496,7 +496,7 @@ sub check_kernel_release {
 #
 # This returns a configuration snippet added to the raw lxc config.
 sub make_seccomp_config {
-    my ($conf, $conf_dir, $unprivileged, $features) = @_;
+    my ($conf, $vmid, $conf_dir, $unprivileged, $features) = @_;
     # User-configured profile has precedence, note that the user's entry would
     # be written 'after' this line anyway...
     if (PVE::LXC::Config->has_lxc_entry($conf, 'lxc.seccomp.profile')) {
@@ -540,6 +540,7 @@ sub make_seccomp_config {
 	}
 
 	$raw_conf .= "lxc.seccomp.notify.proxy = unix:/run/pve/lxc-syscalld.sock\n";
+	$raw_conf .= "lxc.seccomp.notify.cookie = $vmid\n";
 
 	$rules->{mknod} = [
 	    # condition: (mode & S_IFMT) == S_IFCHR
@@ -673,7 +674,7 @@ sub update_lxc_config {
 
     my $features = PVE::LXC::Config->parse_features($conf->{features});
 
-    $raw .= make_seccomp_config($conf, $dir, $unprivileged, $features);
+    $raw .= make_seccomp_config($conf, $vmid, $dir, $unprivileged, $features);
     $raw .= make_apparmor_config($conf, $unprivileged, $features);
     if ($features->{fuse}) {
 	$raw .= "lxc.apparmor.raw = mount fstype=fuse,\n";
-- 
2.20.1




More information about the pve-devel mailing list