Browse code
seccomp: review update
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Tonis Tiigi authored on 2019/02/06 04:31:44Showing 3 changed files
| ... | ... |
@@ -96,21 +96,6 @@ func setupSeccomp(config *types.Seccomp, rs *specs.Spec) (*specs.LinuxSeccomp, e |
| 96 | 96 |
|
| 97 | 97 |
newConfig.DefaultAction = specs.LinuxSeccompAction(config.DefaultAction) |
| 98 | 98 |
|
| 99 |
- var currentKernelVersion *kernel.VersionInfo |
|
| 100 |
- kernelGreaterEqualThan := func(v string) (bool, error) {
|
|
| 101 |
- version, err := kernel.ParseRelease(v) |
|
| 102 |
- if err != nil {
|
|
| 103 |
- return false, err |
|
| 104 |
- } |
|
| 105 |
- if currentKernelVersion == nil {
|
|
| 106 |
- currentKernelVersion, err = kernel.GetKernelVersion() |
|
| 107 |
- if err != nil {
|
|
| 108 |
- return false, err |
|
| 109 |
- } |
|
| 110 |
- } |
|
| 111 |
- return kernel.CompareKernelVersion(*version, *currentKernelVersion) <= 0, nil |
|
| 112 |
- } |
|
| 113 |
- |
|
| 114 | 99 |
Loop: |
| 115 | 100 |
// Loop through all syscall blocks and convert them to libcontainer format after filtering them |
| 116 | 101 |
for _, call := range config.Syscalls {
|
| ... | ... |
@@ -188,3 +173,19 @@ func createSpecsSyscall(name string, action types.Action, args []*types.Arg) spe |
| 188 | 188 |
} |
| 189 | 189 |
return newCall |
| 190 | 190 |
} |
| 191 |
+ |
|
| 192 |
+var currentKernelVersion *kernel.VersionInfo |
|
| 193 |
+ |
|
| 194 |
+func kernelGreaterEqualThan(v string) (bool, error) {
|
|
| 195 |
+ version, err := kernel.ParseRelease(v) |
|
| 196 |
+ if err != nil {
|
|
| 197 |
+ return false, err |
|
| 198 |
+ } |
|
| 199 |
+ if currentKernelVersion == nil {
|
|
| 200 |
+ currentKernelVersion, err = kernel.GetKernelVersion() |
|
| 201 |
+ if err != nil {
|
|
| 202 |
+ return false, err |
|
| 203 |
+ } |
|
| 204 |
+ } |
|
| 205 |
+ return kernel.CompareKernelVersion(*version, *currentKernelVersion) <= 0, nil |
|
| 206 |
+} |