Blacklist support in oz-init.

master
dma 9 years ago
parent 68bceab76b
commit aa9a2966bc

@ -313,6 +313,10 @@ func (st *initState) launchApplication(cpath, pwd string, cmdArgs []string) (*ex
st.log.Notice("Enabling seccomp whitelist for: %s", cpath) st.log.Notice("Enabling seccomp whitelist for: %s", cpath)
cmdArgs = append([]string{"-w", cpath}, cmdArgs...) cmdArgs = append([]string{"-w", cpath}, cmdArgs...)
cpath = path.Join(st.config.PrefixPath, "bin", "oz-seccomp") cpath = path.Join(st.config.PrefixPath, "bin", "oz-seccomp")
} else if st.profile.Seccomp.Mode == oz.PROFILE_SECCOMP_BLACKLIST {
st.log.Notice("Enabling seccomp blacklist for: %s", cpath)
cmdArgs = append([]string{"-b", cpath}, cmdArgs...)
cpath = path.Join(st.config.PrefixPath, "bin", "oz-seccomp")
} }
cmd := exec.Command(cpath) cmd := exec.Command(cpath)
stdout, err := cmd.StdoutPipe() stdout, err := cmd.StdoutPipe()
@ -332,7 +336,8 @@ func (st *initState) launchApplication(cpath, pwd string, cmdArgs []string) (*ex
} }
cmd.Env = append(cmd.Env, st.launchEnv...) cmd.Env = append(cmd.Env, st.launchEnv...)
if st.profile.Seccomp.Mode == oz.PROFILE_SECCOMP_WHITELIST { if st.profile.Seccomp.Mode == oz.PROFILE_SECCOMP_WHITELIST ||
st.profile.Seccomp.Mode == oz.PROFILE_SECCOMP_BLACKLIST {
cmd.Env = append(cmd.Env, "_OZ_PROFILE="+st.profile.Name) cmd.Env = append(cmd.Env, "_OZ_PROFILE="+st.profile.Name)
} }

Loading…
Cancel
Save