Add seccomp filter to fsgofer

PiperOrigin-RevId: 211011542 Change-Id: Ib5a83a00f8eb6401603c6fb5b59afc93bac52558
author: Fabricio Voznika <fvoznika@google.com> 2018-08-30 17:29:14 -0700
committer: Shentubot <shentubot@google.com> 2018-08-30 17:30:19 -0700
commit: 3e493adf7adb6c8b920ae224fb68e2c317a16a56 (patch)
tree: d3cb362aa2c63df9564475a05279775db9b0dba4 /runsc/cmd/gofer.go
parent: 5ade9350ad18476a2cddbd3a0b36778d1c6ec376 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/runsc/cmd/gofer.go b/runsc/cmd/gofer.go
index ab76734fc..f28e02798 100644
--- a/runsc/cmd/gofer.go
+++ b/runsc/cmd/gofer.go
@@ -28,6 +28,7 @@ import (
 	"gvisor.googlesource.com/gvisor/pkg/p9"
 	"gvisor.googlesource.com/gvisor/pkg/unet"
 	"gvisor.googlesource.com/gvisor/runsc/fsgofer"
+	"gvisor.googlesource.com/gvisor/runsc/fsgofer/filter"
 	"gvisor.googlesource.com/gvisor/runsc/specutils"
 )
 
@@ -151,6 +152,10 @@ func (g *Gofer) Execute(_ context.Context, f *flag.FlagSet, args ...interface{})
 		Fatalf("too many FDs passed for mounts. mounts: %d, FDs: %d", mountIdx, len(g.ioFDs))
 	}
 
+	if err := filter.Install(); err != nil {
+		Fatalf("Failed to install seccomp filters: %v", err)
+	}
+
 	runServers(ats, g.ioFDs)
 	return subcommands.ExitSuccess
 }
author	Fabricio Voznika <fvoznika@google.com>	2018-08-30 17:29:14 -0700
committer	Shentubot <shentubot@google.com>	2018-08-30 17:30:19 -0700
commit	3e493adf7adb6c8b920ae224fb68e2c317a16a56 (patch)
tree	d3cb362aa2c63df9564475a05279775db9b0dba4 /runsc/cmd/gofer.go
parent	5ade9350ad18476a2cddbd3a0b36778d1c6ec376 (diff)