Skip to content

fixes missing default permission#1532

Merged
estesp merged 1 commit intocontainerd:masterfrom
mikebrow:seccomp-default-proc-fix
Sep 20, 2017
Merged

fixes missing default permission#1532
estesp merged 1 commit intocontainerd:masterfrom
mikebrow:seccomp-default-proc-fix

Conversation

@mikebrow
Copy link
Copy Markdown
Member

@mikebrow mikebrow commented Sep 20, 2017

Fixes missing default permission to allow sys call arch_prctl when runtime.GOARCH == amd64, was testing for "amd" not "amd64"

runtime.GOARC: "amd64" maps to (amd)
runtime.GOARC: "386" maps to (x86)

Signed-off-by: Mike Brown [email protected]

@mikebrow mikebrow mentioned this pull request Sep 20, 2017
Merged
@codecov-io
Copy link
Copy Markdown

codecov-io commented Sep 20, 2017

Codecov Report

Merging #1532 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #1532   +/-   ##
=======================================
  Coverage   42.61%   42.61%           
=======================================
  Files          24       24           
  Lines        3318     3318           
=======================================
  Hits         1414     1414           
  Misses       1581     1581           
  Partials      323      323

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 78c4e55...120bb4c. Read the comment docs.

crosbymichael
crosbymichael reviewed Sep 20, 2017
View reviewed changes
Comment thread contrib/seccomp/seccomp_default.go
Args: []specs.LinuxSeccompArg{},
})
case "amd", "x32":
case "amd64":
Copy link
Copy Markdown
Member

@crosbymichael crosbymichael Sep 20, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what about 32 here?

Copy link
Copy Markdown
Member

@estesp estesp Sep 20, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the syscall is only available on 64-bit (https://www.systutorials.com/docs/linux/man/2-arch_prctl/) so I assume the x32 was an error anyway.

Copy link
Copy Markdown
Member Author

@mikebrow mikebrow Sep 20, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

from my digging around does not exist as a valid golang runtime.GOARCH response..

estesp
estesp reviewed Sep 20, 2017
View reviewed changes
Copy link
Copy Markdown
Member

@estesp estesp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure about the "386" (see comment); the other change appears to be correct from what I understand.

Comment thread contrib/seccomp/seccomp_default.go
Args: []specs.LinuxSeccompArg{},
})
case "amd", "x32":
case "amd64":
Copy link
Copy Markdown
Member

@estesp estesp Sep 20, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the syscall is only available on 64-bit (https://www.systutorials.com/docs/linux/man/2-arch_prctl/) so I assume the x32 was an error anyway.

Comment thread contrib/seccomp/seccomp_default.go
})
fallthrough
case "x86":
case "386":
Copy link
Copy Markdown
Member

@estesp estesp Sep 20, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From the Go libseccomp library I don't see any arch "386"; they support "x32" for 32-bit Intel as far as I can tell?

Copy link
Copy Markdown
Member

@estesp estesp Sep 20, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the noise--just realized you are switching on runtime.GOARCH where 386 is correct

@crosbymichael
Copy link
Copy Markdown
Member

crosbymichael commented Sep 20, 2017

LGTM

estesp
estesp approved these changes Sep 20, 2017
View reviewed changes
Copy link
Copy Markdown
Member

@estesp estesp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@estesp estesp merged commit 9934acb into containerd:master Sep 20, 2017
mauriciovasquezbernal pushed a commit to kinvolk/containerd that referenced this pull request Nov 13, 2020
@mikebrow
Merge pull request containerd#1532 from jsturtevant/update-pause-imag…
1d3b9c5 
…e-ref

Update to latest Windows SandboxImage
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crosbymichael crosbymichael crosbymichael left review comments

@estesp estesp estesp approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mikebrow @codecov-io @crosbymichael @estesp