conf: add lxc.seccomp.notify.cookie

This is an arbitrary string to to be included in proxied
seccomp notification messages.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index bb1edc7cb904eb641d8caaba96c9d107251f3bdf..b08aa0174fda2feeb76dc5feb3e402edfded4fba 100644 (file)
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -153,6 +153,7 @@ lxc_config_define(rootfs_options);
 lxc_config_define(rootfs_path);
 lxc_config_define(seccomp_profile);
 lxc_config_define(seccomp_allow_nesting);
+lxc_config_define(seccomp_notify_cookie);
 lxc_config_define(seccomp_notify_proxy);
 lxc_config_define(selinux_context);
 lxc_config_define(signal_halt);
@@ -246,6 +247,7 @@ static struct lxc_config_t config_jump_table[] = {
        { "lxc.rootfs.options",            set_config_rootfs_options,              get_config_rootfs_options,              clr_config_rootfs_options,            },
        { "lxc.rootfs.path",               set_config_rootfs_path,                 get_config_rootfs_path,                 clr_config_rootfs_path,               },
        { "lxc.seccomp.allow_nesting",     set_config_seccomp_allow_nesting,       get_config_seccomp_allow_nesting,       clr_config_seccomp_allow_nesting,     },
+       { "lxc.seccomp.notify.cookie",     set_config_seccomp_notify_cookie,       get_config_seccomp_notify_cookie,       clr_config_seccomp_notify_cookie,     },
        { "lxc.seccomp.notify.proxy",      set_config_seccomp_notify_proxy,        get_config_seccomp_notify_proxy,        clr_config_seccomp_notify_proxy,      },
        { "lxc.seccomp.profile",           set_config_seccomp_profile,             get_config_seccomp_profile,             clr_config_seccomp_profile,           },
        { "lxc.selinux.context",           set_config_selinux_context,             get_config_selinux_context,             clr_config_selinux_context,           },
@@ -1013,6 +1015,16 @@ static int set_config_seccomp_allow_nesting(const char *key, const char *value,
 #endif
 }
 
+static int set_config_seccomp_notify_cookie(const char *key, const char *value,
+                                           struct lxc_conf *lxc_conf, void *data)
+{
+#ifdef HAVE_SECCOMP_NOTIFY
+       return set_config_string_item(&lxc_conf->seccomp.notifier.cookie, value);
+#else
+       return minus_one_set_errno(ENOSYS);
+#endif
+}
+
 static int set_config_seccomp_notify_proxy(const char *key, const char *value,
                                           struct lxc_conf *lxc_conf, void *data)
 {
@@ -3955,6 +3967,16 @@ static int get_config_seccomp_allow_nesting(const char *key, char *retv,
 #endif
 }
 
+static int get_config_seccomp_notify_cookie(const char *key, char *retv, int inlen,
+                                           struct lxc_conf *c, void *data)
+{
+#ifdef HAVE_SECCOMP_NOTIFY
+       return lxc_get_conf_str(retv, inlen, c->seccomp.notifier.cookie);
+#else
+       return minus_one_set_errno(ENOSYS);
+#endif
+}
+
 static int get_config_seccomp_notify_proxy(const char *key, char *retv, int inlen,
                                           struct lxc_conf *c, void *data)
 {
@@ -4563,6 +4585,18 @@ static inline int clr_config_seccomp_allow_nesting(const char *key,
 #endif
 }
 
+static inline int clr_config_seccomp_notify_cookie(const char *key,
+                                                  struct lxc_conf *c, void *data)
+{
+#ifdef HAVE_SECCOMP_NOTIFY
+       free(c->seccomp.notifier.cookie);
+       c->seccomp.notifier.cookie = NULL;
+       return 0;
+#else
+       return minus_one_set_errno(ENOSYS);
+#endif
+}
+
 static inline int clr_config_seccomp_notify_proxy(const char *key,
                                                   struct lxc_conf *c, void *data)
 {

diff --git a/src/lxc/lxcseccomp.h b/src/lxc/lxcseccomp.h
index 121aa4e7a73e47de6fccf3f2c45db6ad66924513..f81943672465ead23f275c28d709631e4604ce7a 100644 (file)
--- a/src/lxc/lxcseccomp.h
+++ b/src/lxc/lxcseccomp.h
@@ -69,6 +69,7 @@ struct seccomp_notify {
        struct sockaddr_un proxy_addr;
        struct seccomp_notif *req_buf;
        struct seccomp_notif_resp *rsp_buf;
+       char *cookie;
 };
 
 #define HAVE_SECCOMP_NOTIFY 1