The previous API doesn't reflect the fact that
`seccomp_notif` and `seccomp_notif_resp` are allocatd
dynamically with sizes figured out at runtime.
We now query the sizes via the seccomp(2) syscall and change
`struct seccomp_notify_proxy_msg` to contain the sizes
instead of the data, with the data following afterwards.
Additionally it did not provide a convenient way to identify
the container the message originated from, for which we now
include a cookie configured via `lxc.seccomp.notify.cookie`.
Since we currently always send exactly one request and await
the response immediately, verify the `id` in the client's
response.
Finally, the proxy message's "version" field is removed, and
we reserve 64 bits in its place.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
projects / mirror_lxc.git / commit