seccomp: keep retrying to reconnect to proxy
authorWolfgang Bumiller <w.bumiller@proxmox.com>
Fri, 5 Jul 2019 09:30:24 +0000 (11:30 +0200)
committerWolfgang Bumiller <w.bumiller@proxmox.com>
Tue, 9 Jul 2019 10:25:10 +0000 (12:25 +0200)
If a syscall happens after we already failed to communicate
with the proxy, proxy_fd was -1.
Before the previous commit we'd then be stuck in the state
where there was no proxy registered. With the previous
commit we'd send a default reply and only then try to
reconnect.
Improve this even further by trying to reconnect right at
the start.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
src/lxc/seccomp.c

index 12e6dbe7825ffc6b7f11729b09957ac399202a00..ebbdc0732df77c7a601d7eb447338c7a37ec0f15 100644 (file)
@@ -1374,8 +1374,18 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
        }
 
        if (listener_proxy_fd < 0) {
-               ERROR("No seccomp proxy registered");
-               return seccomp_notify_default_answer(fd, req, resp, hdlr);
+               ret = -1;
+               /* Same condition as for the initial setup_proxy() */
+               if (conf->seccomp.notifier.wants_supervision &&
+                   conf->seccomp.notifier.proxy_addr.sun_path[1] != '\0') {
+                       ret = seccomp_notify_reconnect(hdlr);
+               }
+               if (ret) {
+                       ERROR("No seccomp proxy registered");
+                       return seccomp_notify_default_answer(fd, req, resp,
+                                                            hdlr);
+               }
+               listener_proxy_fd = conf->seccomp.notifier.proxy_fd;
        }
 
        /* remember the ID in case we receive garbage from the proxy */
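Review bot: The `ERROR("No seccomp proxy registered")` in the `if (ret)` branch now covers two different states, no proxy configured and a configured proxy that could not be reached, so the log does not show when a supervised container has fallen back to the default answer. A distinct message for the second case, placed right after the `seccomp_notify_reconnect(hdlr)` call when it returns non-zero, would make that visible, e.g. `ERROR("Failed to reconnect to seccomp proxy, sending default answer");`. The reconnect is also attempted on every notification while the proxy is down, at a rate the container's own syscalls determine; if `seccomp_notify_reconnect()` (not visible here) blocks or logs on failure, a back-off or rate limit would be worth considering. The body of `seccomp_notify_handler` starts and ends outside this hunk.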