From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Thu, 30 Jan 2020 08:27:32 +0000 (+0100)
Subject: mask 'mknod' feature by kernel version
X-Git-Url: https://git.proxmox.com/?p=pve-container.git;a=commitdiff_plain;h=b6bbd32c7ef5067fd4b0c06f0ba6e0e5f39233f3

mask 'mknod' feature by kernel version

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
[ Thomas: use new helper from common ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---

diff --git a/debian/control b/debian/control
index 7403020..cdd400a 100644
--- a/debian/control
+++ b/debian/control
@@ -20,7 +20,7 @@ Priority: optional
 Architecture: all
 Depends: file,
          libpve-cluster-perl,
-         libpve-common-perl (>= 6.0-8),
+         libpve-common-perl (>= 6.0-12),
          libpve-guest-common-perl (>= 3.0-2),
          libpve-storage-perl (>= 5.0-31),
          lxc-pve,
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index c590fc8..38cf810 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -510,6 +510,11 @@ sub make_seccomp_config {
     # leave up to the kernel. We may in the future remove this if seccomp gets
     # a way to tell the kernel to "continue" a syscall.
     if ($features->{mknod}) {
+	my ($ok, $kernel) = PVE::ProcFSTools::check_kernel_release(5, 3);
+	if (!$ok) {
+	    die "'mknod' feature requested, but kernel too old (found $kernel, required >= 5.3)\n";
+	}
+
 	$raw_conf .= "lxc.seccomp.notify.proxy = unix:/run/pve/lxc-syscalld.sock\n";
 
 	$rules->{mknod} = [