Merge pull request #765 from trailofbits:uds_support

PiperOrigin-RevId: 271235134
author: gVisor bot <gvisor-bot@google.com> 2019-09-25 16:44:22 -0700
committer: gVisor bot <gvisor-bot@google.com> 2019-09-25 16:44:22 -0700
commit: dd0e5eedaeb21582820856cbe68eb2a625f395aa (patch)
tree: 2c6e3e3ee7805040d09bddce488133ae09a4bb95 /runsc/cmd
parent: 129c67d68ee2db4aa3a45ab6970e7d26348ce5ef (diff)
parent: 9ebd498a55fa87129cdc60cdc3bca66f26c49454 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/runsc/cmd/gofer.go b/runsc/cmd/gofer.go
index 9faabf494..fbd579fb8 100644
--- a/runsc/cmd/gofer.go
+++ b/runsc/cmd/gofer.go
@@ -182,6 +182,7 @@ func (g *Gofer) Execute(_ context.Context, f *flag.FlagSet, args ...interface{})
 			cfg := fsgofer.Config{
 				ROMount:      isReadonlyMount(m.Options),
 				PanicOnWrite: g.panicOnWrite,
+				HostUDS:      conf.FSGoferHostUDS,
 			}
 			ap, err := fsgofer.NewAttachPoint(m.Destination, cfg)
 			if err != nil {
@@ -200,6 +201,10 @@ func (g *Gofer) Execute(_ context.Context, f *flag.FlagSet, args ...interface{})
 		Fatalf("too many FDs passed for mounts. mounts: %d, FDs: %d", mountIdx, len(g.ioFDs))
 	}
 
+	if conf.FSGoferHostUDS {
+		filter.InstallUDSFilters()
+	}
+
 	if err := filter.Install(); err != nil {
 		Fatalf("installing seccomp filters: %v", err)
 	}
author	gVisor bot <gvisor-bot@google.com>	2019-09-25 16:44:22 -0700
committer	gVisor bot <gvisor-bot@google.com>	2019-09-25 16:44:22 -0700
commit	dd0e5eedaeb21582820856cbe68eb2a625f395aa (patch)
tree	2c6e3e3ee7805040d09bddce488133ae09a4bb95 /runsc/cmd
parent	129c67d68ee2db4aa3a45ab6970e7d26348ce5ef (diff)
parent	9ebd498a55fa87129cdc60cdc3bca66f26c49454 (diff)