]>
git.proxmox.com Git - mirror_lxc.git/log
Christian Brauner [Fri, 8 Jun 2018 13:17:32 +0000 (15:17 +0200)]
Merge pull request #2388 from 2xsec/coverity
coverity: #
1425811
Donghwa Jeong [Fri, 8 Jun 2018 13:03:37 +0000 (22:03 +0900)]
coverity: #
1425811
Resource leak
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Christian Brauner [Fri, 8 Jun 2018 12:58:08 +0000 (14:58 +0200)]
Merge pull request #2387 from 2xsec/coverity
coverity: #
1425753
Donghwa Jeong [Fri, 8 Jun 2018 12:37:48 +0000 (21:37 +0900)]
coverity: #
1425753
Copy into fixed size buffer
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Christian Brauner [Fri, 8 Jun 2018 09:12:28 +0000 (11:12 +0200)]
Merge pull request #2385 from 2xsec/coverity
coverity: #
1425836
Donghwa Jeong [Fri, 8 Jun 2018 07:38:56 +0000 (16:38 +0900)]
coverity: #
1425836
Resource leak
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Christian Brauner [Fri, 8 Jun 2018 06:00:41 +0000 (08:00 +0200)]
Merge pull request #2384 from 2xsec/bugfix
pam_cgfs: fix Logically dead code.
Christian Brauner [Fri, 8 Jun 2018 06:00:06 +0000 (08:00 +0200)]
Merge pull request #2383 from 2xsec/coverity
coverity: #
1425849 , #
1425821 , #
1425794 , #
1425779 , #
1425777 , #
1425795 , #
1425841
Donghwa Jeong [Fri, 8 Jun 2018 05:16:53 +0000 (14:16 +0900)]
pam_cgfs: fix Logically dead code.
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Donghwa Jeong [Fri, 8 Jun 2018 02:22:18 +0000 (11:22 +0900)]
coverity: #
1425849
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Donghwa Jeong [Fri, 8 Jun 2018 02:20:08 +0000 (11:20 +0900)]
coverity: #
1425841
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Donghwa Jeong [Fri, 8 Jun 2018 02:18:25 +0000 (11:18 +0900)]
coverity: #
1425821
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Donghwa Jeong [Fri, 8 Jun 2018 02:16:31 +0000 (11:16 +0900)]
coverity: #
1425795
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Donghwa Jeong [Fri, 8 Jun 2018 02:14:40 +0000 (11:14 +0900)]
coverity: #
1425794
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Donghwa Jeong [Fri, 8 Jun 2018 02:12:52 +0000 (11:12 +0900)]
coverity: #
1425779
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Donghwa Jeong [Fri, 8 Jun 2018 02:11:03 +0000 (11:11 +0900)]
coverity: #
1425777
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Stéphane Graber [Wed, 6 Jun 2018 20:29:45 +0000 (16:29 -0400)]
Merge pull request #2378 from brauner/2018-06-05/revert_seccomp_strict
Revert "seccomp: make do_resolve_add_rule() more strict"
Christian Brauner [Wed, 6 Jun 2018 11:14:20 +0000 (13:14 +0200)]
seccomp: replace misleading warning messages
Reported-by: Felix Abecassis <fabecassis@nvidia.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Jun 2018 21:15:46 +0000 (23:15 +0200)]
Merge pull request #2381 from stgraber/master
Fix typo
Stéphane Graber [Tue, 5 Jun 2018 21:13:57 +0000 (17:13 -0400)]
Fix typo
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Christian Brauner [Tue, 5 Jun 2018 09:21:23 +0000 (11:21 +0200)]
Revert "seccomp: make do_resolve_add_rule() more strict"
This reverts commit
dfddc8aa7ef3362212f8394995088a5f525730dd .
Closes #2376.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Jun 2018 08:53:16 +0000 (10:53 +0200)]
Merge pull request #2377 from 2xsec/bugfix
conf: change some logs to print errno
Donghwa Jeong [Tue, 5 Jun 2018 05:43:48 +0000 (14:43 +0900)]
conf: change some logs to print errno
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Serge Hallyn [Mon, 4 Jun 2018 14:36:43 +0000 (09:36 -0500)]
Merge pull request #2374 from brauner/2018-06-04/fix_remount_all_slave
conf: copy mountinfo for remount_all_slave()
Christian Brauner [Mon, 4 Jun 2018 11:39:24 +0000 (13:39 +0200)]
Merge pull request #2362 from duguhaotian/work
support tls in cross-compile
duguhaotian [Wed, 30 May 2018 02:25:40 +0000 (10:25 +0800)]
support tls in cross-compile
AC_RUN_IFELSE will fail in cross-compile,
we can use AC_COMPILE_IFELSE replace.
Signed-off-by: duguhaotian <duguhaotian@gmail.com>
Christian Brauner [Mon, 4 Jun 2018 10:49:05 +0000 (12:49 +0200)]
conf: copy mountinfo for remount_all_slave()
While a container reads mountinfo from proc fs, the mountinfo can be changed by
the kernel anytime. This has caused critical issues on some devices.
Signed-off-by: Donghwa Jeong dh48.jeong@samsung.com
Reported-by: Donghwa Jeong dh48.jeong@samsung.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 2 Jun 2018 01:11:59 +0000 (03:11 +0200)]
Merge pull request #2372 from flx42/more-seccomp-fixes
More seccomp fixes
Felix Abecassis [Fri, 1 Jun 2018 23:36:26 +0000 (16:36 -0700)]
seccomp: use a default value of 0 for the mask
The mask was unconditionally parsed, it failed if no mask was
provided.
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Felix Abecassis [Fri, 1 Jun 2018 23:01:22 +0000 (16:01 -0700)]
seccomp: drop misleading argument name inherited from the OCI spec
The last (optional) argument was named "valueTwo", which seems to
originate from the OCI runtime spec:
https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#seccomp
In proper seccomp terminology, "value" is "datum_a" and "valueTwo" is "datum_b".
However, LXC's "valueTwo" was used as the mask for SCMP_CMP_MASKED_EQ,
while the mask is supposed to be "datum_a".
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Stéphane Graber [Fri, 1 Jun 2018 18:55:58 +0000 (14:55 -0400)]
Merge pull request #2371 from brauner/2018-06-01/use_read_nointr
tree-wide: handle EINTR in some read()/write()
Christian Brauner [Fri, 1 Jun 2018 17:53:06 +0000 (19:53 +0200)]
tree-wide: handle EINTR in some read()/write()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 1 Jun 2018 13:50:30 +0000 (15:50 +0200)]
Merge pull request #2370 from jsurloppe/fix-lxc-update-config
Patch lxc-update-config
Julien Surloppe [Fri, 1 Jun 2018 13:38:57 +0000 (15:38 +0200)]
Patch lxc-update-config
The current script doesn't generate a valid configuration for
lxc.network.ipv4 key, it lacking an .address part which lead to:
parse.c: lxc_file_for_each_line: 58 Failed to parse config: lxc.net.0.ipv4 = 192.168.10.101/24
Signed-off-by: Julien Surloppe <julien@surloppe.fr>
Christian Brauner [Fri, 1 Jun 2018 09:25:14 +0000 (11:25 +0200)]
templates: fix download template
This patch fixes
commit
6e62213e0294 ("templates: actually create DOWNLOAD_TEMP directory".
To use mktemp -p correctly the directories need to exist. So call mkdir -p.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 31 May 2018 20:41:23 +0000 (22:41 +0200)]
Merge pull request #2369 from masselstine/master
templates: actually create DOWNLOAD_TEMP directory
Mark Asselstine [Thu, 31 May 2018 20:21:45 +0000 (16:21 -0400)]
templates: actually create DOWNLOAD_TEMP directory
The way 'mktemp' is currently used you will get a temp directory in
$TMPDIR or '/tmp' and DOWNLOAD_TEMP will not be pointing to an actual
directory. This will result in the wget operations failing and the
container will fail to create:
ERROR: Failed to download http://....
Instead we want to use the '-p' option for mktemp to set the base path
and this will ensure that the temp directory is created in the correct
location and DOWNLOAD_TEMP will be consistent with this location.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Christian Brauner [Thu, 31 May 2018 11:57:58 +0000 (13:57 +0200)]
Merge pull request #2367 from 2xsec/bugfix
confile_utils: apply strprint()
Donghwa Jeong [Thu, 31 May 2018 11:39:46 +0000 (20:39 +0900)]
confile_utils: apply strprint()
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Christian Brauner [Thu, 31 May 2018 10:24:08 +0000 (12:24 +0200)]
tree-wide: fix mode of some files
commit
321db0260f6f ("start: fix waitpid() blocking issue") and
commit
b2a485085392 ("change defines for return value of handlers)
changed the mode of files.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 31 May 2018 10:22:21 +0000 (12:22 +0200)]
Merge pull request #2366 from 2xsec/bugfix
change defines for return value of handlers
Christian Brauner [Thu, 31 May 2018 10:18:02 +0000 (12:18 +0200)]
start: log unknown info.si_code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Donghwa Jeong [Thu, 31 May 2018 08:58:08 +0000 (17:58 +0900)]
start: fix waitpid() blocking issue
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Donghwa Jeong [Thu, 31 May 2018 05:54:43 +0000 (14:54 +0900)]
change defines for return value of handlers
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Stéphane Graber [Wed, 30 May 2018 15:35:32 +0000 (11:35 -0400)]
Merge pull request #2365 from brauner/2018-05-30/improve_strprint
confile: improve strprint()
Christian Brauner [Wed, 30 May 2018 13:34:03 +0000 (15:34 +0200)]
confile: improve strprint()
POSIX specifies [1]:
"If the value of n is zero on a call to snprintf(), nothing shall be written,
the number of bytes that would have been written had n been sufficiently large
excluding the terminating null shall be returned, and s may be a null pointer."
But in case there are any non-sane libcs out there that do actually dereference
the buffer when when 0 is passed as length to snprintf() let's give them a
dummy buffer.
[1]: The Open Group Base Specifications Issue 7, 2018 edition
IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008)
Copyright © 2001-2018 IEEE and The Open Group
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Donghwa Jeong <dh48.jeong@samsung.com>
Christian Brauner [Wed, 30 May 2018 03:37:13 +0000 (05:37 +0200)]
Merge pull request #2363 from 2xsec/master
conf: va_end was not called.
Stéphane Graber [Tue, 29 May 2018 19:15:46 +0000 (15:15 -0400)]
Merge pull request #2360 from brauner/2018-05-29/conf_cleanup
conf: small cleanups
Donghwa Jeong [Tue, 29 May 2018 13:01:27 +0000 (22:01 +0900)]
conf: va_end was not called.
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Christian Brauner [Mon, 28 May 2018 22:57:13 +0000 (00:57 +0200)]
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 28 May 2018 22:54:16 +0000 (00:54 +0200)]
conf: make tmp_umount_proc bool
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 28 May 2018 22:52:37 +0000 (00:52 +0200)]
conf: make root idmap structs const
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 28 May 2018 22:48:15 +0000 (00:48 +0200)]
start: add reboot macros
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 28 May 2018 14:29:15 +0000 (10:29 -0400)]
Merge pull request #2358 from brauner/2018-05-28/do_not_init_ns_clone_flags
start: do not init ns_clone_flags to -1
Christian Brauner [Mon, 28 May 2018 13:10:19 +0000 (15:10 +0200)]
conf: ensure lxc_delete_tty() does not crash
We need to make sure that the ttys are actually initialized otherwise deleting
them is not safe.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 28 May 2018 11:27:43 +0000 (13:27 +0200)]
start: do not init ns_clone_flags to -1
ns_clone_flags is used as a bitmask so initializing it to -1 is a bad idea.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 28 May 2018 06:27:59 +0000 (08:27 +0200)]
Merge pull request #2355 from 2xsec/master
network: fix socket handle leak
Donghwa Jeong [Mon, 28 May 2018 04:42:45 +0000 (13:42 +0900)]
network: fix socket handle leak
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Stéphane Graber [Sat, 26 May 2018 22:04:33 +0000 (18:04 -0400)]
Merge pull request #2354 from brauner/2018-05-26/config_cleanups
conf: cleanups, and bugfixes
Christian Brauner [Sat, 26 May 2018 12:22:51 +0000 (14:22 +0200)]
utils: fix task_blocking_signal()
Closes #2342.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 11:12:32 +0000 (13:12 +0200)]
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 11:09:13 +0000 (13:09 +0200)]
conf: pts -> pty_max
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 10:53:56 +0000 (12:53 +0200)]
conf: simplify tty handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 10:53:12 +0000 (12:53 +0200)]
conf: reshuffle mount members
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 10:52:09 +0000 (12:52 +0200)]
conf: make close_all_fds a boolean
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 10:50:53 +0000 (12:50 +0200)]
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 10:50:03 +0000 (12:50 +0200)]
conf: make is_execute a boolean
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 10:48:09 +0000 (12:48 +0200)]
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sat, 26 May 2018 03:48:10 +0000 (23:48 -0400)]
Merge pull request #2353 from brauner/2018-05-25/fix_lxc_create
tools: fix lxc-create with global config value II
Christian Brauner [Sat, 26 May 2018 01:25:20 +0000 (03:25 +0200)]
coverity: #
1435747
Dereference before null check
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 01:22:58 +0000 (03:22 +0200)]
coverity: #
1435803
Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 01:21:05 +0000 (03:21 +0200)]
coverity: #
1435805
Logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 01:20:36 +0000 (03:20 +0200)]
coverity: #
1435806
Logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 25 May 2018 17:35:00 +0000 (19:35 +0200)]
tools: fix lxc-create with global config value II
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 25 May 2018 14:12:04 +0000 (10:12 -0400)]
Merge pull request #2352 from brauner/2018-05-25/further_seccomp_fixes
seccomp: more fixes
Christian Brauner [Fri, 25 May 2018 13:43:59 +0000 (15:43 +0200)]
tools: fix lxc-create with global config value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 25 May 2018 11:27:50 +0000 (13:27 +0200)]
seccomp: make do_resolve_add_rule() more strict
Let's error out on syscalls that cannot be resolved or fail to resolve instead
of just warning users.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 25 May 2018 11:26:25 +0000 (13:26 +0200)]
seccomp: parse_v2_rules()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 25 May 2018 11:16:31 +0000 (13:16 +0200)]
seccomp: lxc_read_seccomp_config()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 25 May 2018 10:43:53 +0000 (12:43 +0200)]
Merge pull request #2351 from Blub/seccomp-fixup-2
Seccomp fixup part 2
Wolfgang Bumiller [Fri, 25 May 2018 10:07:12 +0000 (12:07 +0200)]
seccomp: error on unrecognized actions
Be more strict about unrecognized actions. Previously the
parser would happily accept lines with typos like:
kexec_load errrno 1
(note the extra 'r')
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 25 May 2018 10:04:13 +0000 (12:04 +0200)]
seccomp: refactor line handling of parse_config
Moving parse_config_v2 to use getline accidentally parsed
the wrong buffer. Since both _v1 and _v2 now use getline it
seems to be simpler to also use getline() for the first line
before entering the version specific parsers and pass along
the pointer and size so they can reuse them.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: 9c3798eba41c ("seccomp: parse_config_v2()")
Wolfgang Bumiller [Fri, 25 May 2018 09:44:42 +0000 (11:44 +0200)]
seccomp: re-add action parse error handling
This can happen when the 'errno' action can't parse its
supplied number.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: f67c94d00a0d ("seccomp: parse_v2_rules()")
Christian Brauner [Fri, 25 May 2018 07:13:29 +0000 (09:13 +0200)]
Merge pull request #2350 from Blub/seccomp-cleanup-fixup
seccomp: leak fixup
Wolfgang Bumiller [Fri, 25 May 2018 06:42:01 +0000 (08:42 +0200)]
seccomp: leak fixup
Fix an error case not free()ing the line forgotten during
the move from fgets() on a static buffer to using getline.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: ccf8d128e430 ("seccomp: parse_config_v1()")
Stéphane Graber [Fri, 25 May 2018 00:22:28 +0000 (20:22 -0400)]
Merge pull request #2349 from brauner/2018-05-24/prevent_fd_leak
lxccontainer: fix fd leaks when sending signals
Christian Brauner [Thu, 24 May 2018 22:25:16 +0000 (00:25 +0200)]
start: log setns() failure
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 22:12:46 +0000 (00:12 +0200)]
confile: order architectures
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 22:00:50 +0000 (00:00 +0200)]
lxccontainer: fix fd leaks when sending signals
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 24 May 2018 20:57:13 +0000 (16:57 -0400)]
Merge pull request #2347 from brauner/2018-05-24/seccomp_cleanups
seccomp: cleanup
Stéphane Graber [Thu, 24 May 2018 20:53:19 +0000 (16:53 -0400)]
Merge pull request #2348 from brauner/2018-05-24/pthread_sigmask
tree-wide: s/sigprocmask/pthread_sigmask()/g
Christian Brauner [Thu, 24 May 2018 18:45:29 +0000 (20:45 +0200)]
utils: fix task_blocking_signal()
sscanf() skips whitespace anyway so don't account for tabs in case the file
layout changes.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 18:29:48 +0000 (20:29 +0200)]
tree-wide: s/sigprocmask/pthread_sigmask()/g
The behavior of sigprocmask() is unspecified in multi-threaded programs. Let's
use pthread_sigmask() instead.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:53:31 +0000 (16:53 +0200)]
seccomp: lxc_read_seccomp_config()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:49:28 +0000 (16:49 +0200)]
seccomp: parse_config()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:47:08 +0000 (16:47 +0200)]
seccomp: parse_config_v2()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:35:21 +0000 (16:35 +0200)]
seccomp: do_resolve_add_rule()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:28:02 +0000 (16:28 +0200)]
seccomp: scmp_filter_ctx get_new_ctx()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:24:59 +0000 (16:24 +0200)]
seccomp: get_hostarch()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:24:09 +0000 (16:24 +0200)]
seccomp: move #ifdefines
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>