seccomp: recvmsg with MSG_TRUNC
authorWolfgang Bumiller <w.bumiller@proxmox.com>
Mon, 8 Jul 2019 16:00:20 +0000 (18:00 +0200)
committerWolfgang Bumiller <w.bumiller@proxmox.com>
Tue, 9 Jul 2019 10:25:10 +0000 (12:25 +0200)
We only read the message without the cookie. For now assert
that the sender also didn't try to send more by letting
`recvmsg()` return the original size of the packet if it was
longer.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
src/lxc/seccomp.c

index 5b33413933d125f851c8a092fc8bc99753240f0f..978b1a2ca6f06208e2bcf8175b4eceb361cf968c 100644 (file)
@@ -1466,7 +1466,8 @@ retry:
                goto out;
        }
 
-       bytes = lxc_recvmsg_nointr_iov(listener_proxy_fd, iov,iov_len, 0);
+       bytes = lxc_recvmsg_nointr_iov(listener_proxy_fd, iov,iov_len,
+                                      MSG_TRUNC);
        if (bytes != (ssize_t)msg_base_size) {
                SYSERROR("Failed to receive message from seccomp proxy");
                seccomp_notify_default_answer(fd, req, resp, hdlr);
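Review bot: The `bytes != (ssize_t)msg_base_size` branch now also catches over-long messages, but it still logs through `SYSERROR`, which as far as I know appends the errno text; on a pure length mismatch the receive succeeded, so the log would show a stale, unrelated error string. Consider separating the cases, e.g. `if (bytes < 0) SYSERROR("Failed to receive message from seccomp proxy"); else ERROR("Unexpected message size from seccomp proxy");`, so a proxy sending a malformed or oversized message can be told apart from a socket error. A short comment above the call, such as `/* MSG_TRUNC: return the real packet length so over-long messages fail the size check */`, would also help. The flag only reports the real length on datagram-style sockets, and the type of `listener_proxy_fd` is not visible in this hunk. The `if` body continues past the end of the hunk.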