[pve-devel] [PATCH container 3/4] mask 'mknod' feature by kernel version

Wolfgang Bumiller Thu, 30 Jan 2020 00:28:22 -0800

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
 src/PVE/LXC.pm | 5 +++++
 1 file changed, 5 insertions(+)


diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 9e25ad4..b4d3b7d 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -534,6 +534,11 @@ sub make_seccomp_config {
     # leave up to the kernel. We may in the future remove this if seccomp gets
     # a way to tell the kernel to "continue" a syscall.
     if ($features->{mknod}) {
+       my ($ok, $kernel) = check_kernel_release(5, 3);
+       if (!$ok) {
+           die "'mknod' feature requested, but kernel too old (found $kernel, 
required >= 5.3)\n";
+       }
+
        $raw_conf .= "lxc.seccomp.notify.proxy = 
unix:/run/pve/lxc-syscalld.sock\n";
 
        $rules->{mknod} = [
-- 
2.20.1


_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH container 3/4] mask 'mknod' feature by kernel version

Reply via email to