[PATCH 1/1] seccomp: Always "goto wait" if the list is empty

Rodrigo Campos rodrigo at kinvolk.io
Tue Apr 13 18:02:35 UTC 2021


On Tue, Apr 13, 2021 at 7:54 PM Christian Brauner
<christian.brauner at ubuntu.com> wrote:
> > Fixes: 7cf97b1254550
> > Cc: stable at vger.kernel.org # 5.9+
> > Signed-off-by: Rodrigo Campos <rodrigo at kinvolk.io>
> > ---
>
> So the agent will see the return value from
> wait_for_completion_interruptible() and know that the addfd wasn't
> successful and the target will notice that no addfd request has actually
> been added and essentially try again. Seems like a decent fix and can be

Yes, exactly!

> backported cleanly. I assume seccomp testsuite passes.

Yes, seccomp selftests (tools/testing/selftests/seccomp/seccomp_bpf) passes fine

> Acked-by: Christian Brauner <christian.brauner at ubuntu.com>

Thanks!


More information about the Containers mailing list