Add seccomp filter to fsgofer

PiperOrigin-RevId: 211011542 Change-Id: Ib5a83a00f8eb6401603c6fb5b59afc93bac52558
author: Fabricio Voznika <fvoznika@google.com> 2018-08-30 17:29:14 -0700
committer: Shentubot <shentubot@google.com> 2018-08-30 17:30:19 -0700
commit: 3e493adf7adb6c8b920ae224fb68e2c317a16a56 (patch)
tree: d3cb362aa2c63df9564475a05279775db9b0dba4 /runsc/cmd
parent: 5ade9350ad18476a2cddbd3a0b36778d1c6ec376 (diff)
2 files changed, 6 insertions, 0 deletions
diff --git a/runsc/cmd/BUILD b/runsc/cmd/BUILD
index 5dee26a5c..f9c091ba2 100644
--- a/runsc/cmd/BUILD
+++ b/runsc/cmd/BUILD
@@ -42,6 +42,7 @@ go_library(
         "//runsc/console",
         "//runsc/container",
         "//runsc/fsgofer",
+        "//runsc/fsgofer/filter",
         "//runsc/specutils",
         "@com_github_google_subcommands//:go_default_library",
         "@com_github_opencontainers_runtime-spec//specs-go:go_default_library",
diff --git a/runsc/cmd/gofer.go b/runsc/cmd/gofer.go
index ab76734fc..f28e02798 100644
--- a/runsc/cmd/gofer.go
+++ b/runsc/cmd/gofer.go
@@ -28,6 +28,7 @@ import (
 	"gvisor.googlesource.com/gvisor/pkg/p9"
 	"gvisor.googlesource.com/gvisor/pkg/unet"
 	"gvisor.googlesource.com/gvisor/runsc/fsgofer"
+	"gvisor.googlesource.com/gvisor/runsc/fsgofer/filter"
 	"gvisor.googlesource.com/gvisor/runsc/specutils"
 )
 
@@ -151,6 +152,10 @@ func (g *Gofer) Execute(_ context.Context, f *flag.FlagSet, args ...interface{})
 		Fatalf("too many FDs passed for mounts. mounts: %d, FDs: %d", mountIdx, len(g.ioFDs))
 	}
 
+	if err := filter.Install(); err != nil {
+		Fatalf("Failed to install seccomp filters: %v", err)
+	}
+
 	runServers(ats, g.ioFDs)
 	return subcommands.ExitSuccess
 }
author	Fabricio Voznika <fvoznika@google.com>	2018-08-30 17:29:14 -0700
committer	Shentubot <shentubot@google.com>	2018-08-30 17:30:19 -0700
commit	3e493adf7adb6c8b920ae224fb68e2c317a16a56 (patch)
tree	d3cb362aa2c63df9564475a05279775db9b0dba4 /runsc/cmd
parent	5ade9350ad18476a2cddbd3a0b36778d1c6ec376 (diff)