[pve-devel] [PATCH container 3/4] mask 'mknod' feature by kernel version
Wolfgang Bumiller
w.bumiller at proxmox.com
Thu Jan 30 09:27:32 CET 2020
Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
src/PVE/LXC.pm | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 9e25ad4..b4d3b7d 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -534,6 +534,11 @@ sub make_seccomp_config {
# leave up to the kernel. We may in the future remove this if seccomp gets
# a way to tell the kernel to "continue" a syscall.
if ($features->{mknod}) {
+ my ($ok, $kernel) = check_kernel_release(5, 3);
+ if (!$ok) {
+ die "'mknod' feature requested, but kernel too old (found $kernel, required >= 5.3)\n";
+ }
+
$raw_conf .= "lxc.seccomp.notify.proxy = unix:/run/pve/lxc-syscalld.sock\n";
$rules->{mknod} = [
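Review bot: The minimum version is written twice in the added lines, once as the arguments to check_kernel_release(5, 3) and once as literal text in the die message ("required >= 5.3"), so the two can drift apart if the requirement changes. Consider holding the major and minor numbers in variables and interpolating them into the message. The added lines also do not say which kernel capability makes 5.3 the cutoff. The commit message has no body, and the surrounding comment only mentions a possible future seccomp "continue" mechanism, so a one-line comment above the check would help. Finally, the subject says the feature is masked, but the code dies when 'mknod' is requested on an older kernel. If aborting is the intended behaviour, the subject should say so.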
--
2.20.1