diff --git a/0062-change-log-level-of-seccomp-setup.patch b/0062-change-log-level-of-seccomp-setup.patch new file mode 100644 index 0000000000000000000000000000000000000000..db3799fa4e8a3b5ae3f0633be9f0ad8d87e510d8 --- /dev/null +++ b/0062-change-log-level-of-seccomp-setup.patch @@ -0,0 +1,113 @@ +From a7370435ac0591b5e2e4059b1aadd546bc92dae4 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Wed, 6 May 2020 23:22:22 -0400 +Subject: [PATCH] change log level of seccomp setup + +Signed-off-by: haozi007 +--- + src/lxc/seccomp.c | 32 ++++++++++++++++++++++++++++++++ + 1 file changed, 32 insertions(+) + +diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c +index b7c4de36..4b9d23c5 100644 +--- a/src/lxc/seccomp.c ++++ b/src/lxc/seccomp.c +@@ -562,7 +562,11 @@ bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx, + + memset(&arg_cmp, 0, sizeof(arg_cmp)); + for (i = 0; i < rule->args_num; i++) { ++#ifdef HAVE_ISULAD ++ DEBUG("arg_cmp[%d]: SCMP_CMP(%u, %llu, %llu, %llu)", i, ++#else + INFO("arg_cmp[%d]: SCMP_CMP(%u, %llu, %llu, %llu)", i, ++#endif + rule->args_value[i].index, + (long long unsigned int)rule->args_value[i].op, + (long long unsigned int)rule->args_value[i].mask, +@@ -809,7 +813,11 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c + + remove_trailing_newlines(line); + ++#ifdef HAVE_ISULAD ++ DEBUG("Processing \"%s\"", line); ++#else + INFO("Processing \"%s\"", line); ++#endif + if (line[0] == '[') { + /* Read the architecture for next set of rules. */ + if (strcmp(line, "[x86]") == 0 || +@@ -987,7 +995,11 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c + conf->seccomp.seccomp_ctx, &rule)) + goto bad_rule; + ++#ifdef HAVE_ISULAD ++ DEBUG("Added native rule for arch %d for %s action %d(%s)", ++#else + INFO("Added native rule for arch %d for %s action %d(%s)", ++#endif + SCMP_ARCH_NATIVE, line, rule.action, + get_action_name(rule.action)); + } else if (cur_rule_arch != lxc_seccomp_arch_all) { +@@ -1000,7 +1012,11 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c + ctx.contexts[arch_index], &rule)) + goto bad_rule; + ++#ifdef HAVE_ISULAD ++ DEBUG("Added compat rule for arch %d for %s action %d(%s)", ++#else + INFO("Added compat rule for arch %d for %s action %d(%s)", ++#endif + ctx.architectures[arch_index], line, rule.action, + get_action_name(rule.action)); + ctx.needs_merge[arch_index] = true; +@@ -1010,7 +1026,11 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c + conf->seccomp.seccomp_ctx, &rule)) + goto bad_rule; + ++#ifdef HAVE_ISULAD ++ DEBUG("Added native rule for arch %d for %s action %d(%s)", ++#else + INFO("Added native rule for arch %d for %s action %d(%s)", ++#endif + SCMP_ARCH_NATIVE, line, rule.action, + get_action_name(rule.action)); + +@@ -1019,7 +1039,11 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c + ctx.contexts[0], &rule)) + goto bad_rule; + ++#ifdef HAVE_ISULAD ++ DEBUG("Added compat rule for arch %d for %s action %d(%s)", ++#else + INFO("Added compat rule for arch %d for %s action %d(%s)", ++#endif + ctx.architectures[0], line, rule.action, + get_action_name(rule.action)); + ctx.needs_merge[0] = true; +@@ -1030,7 +1054,11 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c + ctx.contexts[1], &rule)) + goto bad_rule; + ++#ifdef HAVE_ISULAD ++ DEBUG("Added compat rule for arch %d for %s action %d(%s)", ++#else + INFO("Added compat rule for arch %d for %s action %d(%s)", ++#endif + ctx.architectures[1], line, rule.action, + get_action_name(rule.action)); + ctx.needs_merge[1] = true; +@@ -1041,7 +1069,11 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c + ctx.contexts[2], &rule)) + goto bad_rule; + ++#ifdef HAVE_ISULAD ++ DEBUG("Added native rule for arch %d for %s action %d(%s)", ++#else + INFO("Added native rule for arch %d for %s action %d(%s)", ++#endif + ctx.architectures[2], line, rule.action, + get_action_name(rule.action)); + ctx.needs_merge[2] = true; +-- +2.26.2 + diff --git a/lxc.spec b/lxc.spec index 3e761d248987537d99a57132db6e35cc972b24f4..1b57dda051ffc0a429237e0bad6340ff0cef981d 100644 --- a/lxc.spec +++ b/lxc.spec @@ -1,4 +1,4 @@ -%global _release 2020043002 +%global _release 2020050702 %global debug_package %{nil} Name: lxc @@ -69,6 +69,7 @@ Patch9057: 0058-support-syslog-for-console.patch Patch9058: 0059-set-state-to-stopped.patch Patch9059: 0060-attach-append-error-msg-when-call-attach-failed.patch Patch9060: 0061-mount-fix-symlink-error-use-parsed-path.patch +Patch9061: 0062-change-log-level-of-seccomp-setup.patch BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath BuildRequires: pkgconfig(libseccomp) diff --git a/series.conf b/series.conf index eb8ffd6917ce09cdb504e38fbdee17948ca609a9..2caf6d2ac8d7e379bd7c002dd95776abbf48e813 100644 --- a/series.conf +++ b/series.conf @@ -59,3 +59,4 @@ 0059-set-state-to-stopped.patch 0060-attach-append-error-msg-when-call-attach-failed.patch 0061-mount-fix-symlink-error-use-parsed-path.patch +0062-change-log-level-of-seccomp-setup.patch