mask 'mknod' feature by kernel version

author Wolfgang Bumiller <w.bumiller@proxmox.com>

Thu, 30 Jan 2020 08:27:32 +0000 (09:27 +0100)

committer Thomas Lamprecht <t.lamprecht@proxmox.com>

Fri, 31 Jan 2020 15:37:35 +0000 (16:37 +0100)
author Wolfgang Bumiller <w.bumiller@proxmox.com>
Thu, 30 Jan 2020 08:27:32 +0000 (09:27 +0100)
committer Thomas Lamprecht <t.lamprecht@proxmox.com>
Fri, 31 Jan 2020 15:37:35 +0000 (16:37 +0100)
diff --git a/debian/control b/debian/control

index 74030206416c6a7af1f0c1e4f2a6c6a242435343..cdd400aa742ad686377620a458391f77fc9a6c91 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -20,7 +20,7 @@ Priority: optional
  Architecture: all
  Depends: file,
           libpve-cluster-perl,
-         libpve-common-perl (>= 6.0-8),
+         libpve-common-perl (>= 6.0-12),
           libpve-guest-common-perl (>= 3.0-2),
           libpve-storage-perl (>= 5.0-31),
           lxc-pve,
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm

index c590fc8e2050db64f0925b73271b8147f8558db3..38cf8101feb6179cff1a0b1384b53197a37b1ca2 100644 (file)
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -510,6 +510,11 @@ sub make_seccomp_config {
      # leave up to the kernel. We may in the future remove this if seccomp gets
      # a way to tell the kernel to "continue" a syscall.
      if ($features->{mknod}) {
+       my ($ok, $kernel) = PVE::ProcFSTools::check_kernel_release(5, 3);
+       if (!$ok) {
+           die "'mknod' feature requested, but kernel too old (found $kernel, required >= 5.3)\n";
+       }
+
         $raw_conf .= "lxc.seccomp.notify.proxy = unix:/run/pve/lxc-syscalld.sock\n";
  
         $rules->{mknod} = [
author	Wolfgang Bumiller <w.bumiller@proxmox.com>
	Thu, 30 Jan 2020 08:27:32 +0000 (09:27 +0100)
committer	Thomas Lamprecht <t.lamprecht@proxmox.com>
	Fri, 31 Jan 2020 15:37:35 +0000 (16:37 +0100)
debian/control		patch \| blob \| blame \| history
src/PVE/LXC.pm		patch \| blob \| blame \| history