Merge pull request #1008 from giuseppe/seccomp-wait-killable-recv

seccomp: honor SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV
containers · Sep 7, 2022 · d99dc2c · d99dc2c
2 parents f8ab021 + 396ac88
commit d99dc2c
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/libcrun/seccomp.c b/src/libcrun/seccomp.c
@@ -74,6 +74,10 @@
 #  define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2)
 #endif
 
+#ifndef SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV
+#  define SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (1UL << 5)
+#endif
+
 static int
 syscall_seccomp (unsigned int operation, unsigned int flags, void *args)
 {
@@ -209,6 +213,8 @@ libcrun_apply_seccomp (int infd, int listener_receiver_fd, const char *receiver_
             flags |= SECCOMP_FILTER_FLAG_SPEC_ALLOW;
           else if (strcmp (seccomp_flags[i], "SECCOMP_FILTER_FLAG_LOG") == 0)
             flags |= SECCOMP_FILTER_FLAG_LOG;
+          else if (strcmp (seccomp_flags[i], "SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV") == 0)
+            flags |= SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV;
           else
             return crun_make_error (err, 0, "unknown seccomp option %s", seccomp_flags[i]);
         }