[Virtio-fs] [PATCH] virtiofsd: conditional compile seccomp flag support
Eric Ren
renzhen at linux.alibaba.com
Fri Jul 12 12:27:24 UTC 2019
On Fri, Jul 12, 2019 at 10:04:46AM +0200, Stefan Hajnoczi wrote:
> On Wed, Jul 10, 2019 at 09:06:42PM +0800, Eric Ren wrote:
> > SCMP_FLTATTR_CTL_TSYNC flag is only available on
> > Linux Kernel 3.17 or greater. So, conditional compile
> > to make virtio-fs work on older host kernel.
> >
> > Signed-off-by: Eric Ren <renzhen at linux.alibaba.com>
> > ---
> > contrib/virtiofsd/seccomp.c | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/contrib/virtiofsd/seccomp.c b/contrib/virtiofsd/seccomp.c
> > index 4e388adc9c..5a28a90859 100644
> > --- a/contrib/virtiofsd/seccomp.c
> > +++ b/contrib/virtiofsd/seccomp.c
> > @@ -11,6 +11,7 @@
> > #include <errno.h>
> > #include <seccomp.h>
> > #include <glib.h>
> > +#include <linux/version.h>
> > #include "seccomp.h"
> >
> > static const int syscall_whitelist[] = {
> > @@ -92,9 +93,12 @@ void setup_seccomp(void)
> > err(1, "seccomp_init()");
> > }
> >
> > +#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,17,0)
> > + // SCMP_FLTATR_CTL_TSYNC flag is only available on Linux Kernel 3.17 or greater
> > if (seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1) != 0) {
> > err(1, "seccomp_attr_set(ctx, SCMP_FLTATTR_CTL_TSYNC, 1)");
> > }
> > +#endif
>
> There are no threads when setup_seccomp() is invoked so the TSYNC
> attribute is not required.
Aha, great.
> Please remove the TSYNC call. Then we don't need to worry about version
> or feature checks.
OK.
Regards,
Eric
>
> Thanks,
> Stefan
More information about the Virtio-fs
mailing list