#
# This returns a configuration snippet added to the raw lxc config.
sub make_seccomp_config {
- my ($conf, $conf_dir, $unprivileged, $features) = @_;
+ my ($conf, $vmid, $conf_dir, $unprivileged, $features) = @_;
# User-configured profile has precedence, note that the user's entry would
# be written 'after' this line anyway...
if (PVE::LXC::Config->has_lxc_entry($conf, 'lxc.seccomp.profile')) {
}
$raw_conf .= "lxc.seccomp.notify.proxy = unix:/run/pve/lxc-syscalld.sock\n";
+ $raw_conf .= "lxc.seccomp.notify.cookie = $vmid\n";
$rules->{mknod} = [
# condition: (mode & S_IFMT) == S_IFCHR
my $features = PVE::LXC::Config->parse_features($conf->{features});
- $raw .= make_seccomp_config($conf, $dir, $unprivileged, $features);
+ $raw .= make_seccomp_config($conf, $vmid, $dir, $unprivileged, $features);
$raw .= make_apparmor_config($conf, $unprivileged, $features);
if ($features->{fuse}) {
$raw .= "lxc.apparmor.raw = mount fstype=fuse,\n";
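Review bot: The added `lxc.seccomp.notify.cookie = $vmid` line interpolates `$vmid` into a line-oriented config with no check visible in this diff, so the value has to be a plain integer by the time it gets here. If the caller (not shown) does not already guarantee that, a guard such as `die "invalid vmid '$vmid'\n" if $vmid !~ /\A\d+\z/;` before the append would keep a stray newline from adding extra config keys. The cookie is a predictable identifier rather than a secret, so a comment like `# cookie only identifies the container to the syscall proxy; it is not an authentication token` would help; the existing comment notes that user entries are written after these lines, so a raw entry could presumably replace the cookie as well. Separately, `$vmid` is inserted as the second positional parameter of make_seccomp_config, so any caller outside this diff that still passes four arguments would silently shift `$conf_dir` into `$vmid`; only one call site is updated here. The function body continues outside the shown lines.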