|
|
@ -313,6 +313,10 @@ func (st *initState) launchApplication(cpath, pwd string, cmdArgs []string) (*ex
|
|
|
|
st.log.Notice("Enabling seccomp whitelist for: %s", cpath)
|
|
|
|
st.log.Notice("Enabling seccomp whitelist for: %s", cpath)
|
|
|
|
cmdArgs = append([]string{"-w", cpath}, cmdArgs...)
|
|
|
|
cmdArgs = append([]string{"-w", cpath}, cmdArgs...)
|
|
|
|
cpath = path.Join(st.config.PrefixPath, "bin", "oz-seccomp")
|
|
|
|
cpath = path.Join(st.config.PrefixPath, "bin", "oz-seccomp")
|
|
|
|
|
|
|
|
} else if st.profile.Seccomp.Mode == oz.PROFILE_SECCOMP_BLACKLIST {
|
|
|
|
|
|
|
|
st.log.Notice("Enabling seccomp blacklist for: %s", cpath)
|
|
|
|
|
|
|
|
cmdArgs = append([]string{"-b", cpath}, cmdArgs...)
|
|
|
|
|
|
|
|
cpath = path.Join(st.config.PrefixPath, "bin", "oz-seccomp")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
cmd := exec.Command(cpath)
|
|
|
|
cmd := exec.Command(cpath)
|
|
|
|
stdout, err := cmd.StdoutPipe()
|
|
|
|
stdout, err := cmd.StdoutPipe()
|
|
|
@ -332,7 +336,8 @@ func (st *initState) launchApplication(cpath, pwd string, cmdArgs []string) (*ex
|
|
|
|
}
|
|
|
|
}
|
|
|
|
cmd.Env = append(cmd.Env, st.launchEnv...)
|
|
|
|
cmd.Env = append(cmd.Env, st.launchEnv...)
|
|
|
|
|
|
|
|
|
|
|
|
if st.profile.Seccomp.Mode == oz.PROFILE_SECCOMP_WHITELIST {
|
|
|
|
if st.profile.Seccomp.Mode == oz.PROFILE_SECCOMP_WHITELIST ||
|
|
|
|
|
|
|
|
st.profile.Seccomp.Mode == oz.PROFILE_SECCOMP_BLACKLIST {
|
|
|
|
cmd.Env = append(cmd.Env, "_OZ_PROFILE="+st.profile.Name)
|
|
|
|
cmd.Env = append(cmd.Env, "_OZ_PROFILE="+st.profile.Name)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
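Review bot: The new `else if` chain in the first hunk has no final branch, so any `st.profile.Seccomp.Mode` value other than the two constants reaches `exec.Command(cpath)` with the application path unchanged and nothing logged. Whether the mode string is validated when the profile is loaded is not visible here; if it is not, a misspelled mode would start the program with no seccomp filter at all. A `switch st.profile.Seccomp.Mode` with a `default:` case that logs (or returns an error for) a value that is neither a known filter mode nor the disabled setting would make that failure visible. The two branches differ only in the `-w`/`-b` flag and the log word, and the second hunk repeats the same mode test before setting `_OZ_PROFILE`, so computing the flag once and reusing it would keep the two sites from drifting apart. launchApplication begins and ends outside both hunks.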