diff options
Diffstat (limited to 'runsc/cmd')
-rw-r--r-- | runsc/cmd/BUILD | 1 | ||||
-rw-r--r-- | runsc/cmd/gofer.go | 5 |
2 files changed, 6 insertions, 0 deletions
diff --git a/runsc/cmd/BUILD b/runsc/cmd/BUILD index 5dee26a5c..f9c091ba2 100644 --- a/runsc/cmd/BUILD +++ b/runsc/cmd/BUILD @@ -42,6 +42,7 @@ go_library( "//runsc/console", "//runsc/container", "//runsc/fsgofer", + "//runsc/fsgofer/filter", "//runsc/specutils", "@com_github_google_subcommands//:go_default_library", "@com_github_opencontainers_runtime-spec//specs-go:go_default_library", diff --git a/runsc/cmd/gofer.go b/runsc/cmd/gofer.go index ab76734fc..f28e02798 100644 --- a/runsc/cmd/gofer.go +++ b/runsc/cmd/gofer.go @@ -28,6 +28,7 @@ import ( "gvisor.googlesource.com/gvisor/pkg/p9" "gvisor.googlesource.com/gvisor/pkg/unet" "gvisor.googlesource.com/gvisor/runsc/fsgofer" + "gvisor.googlesource.com/gvisor/runsc/fsgofer/filter" "gvisor.googlesource.com/gvisor/runsc/specutils" ) @@ -151,6 +152,10 @@ func (g *Gofer) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}) Fatalf("too many FDs passed for mounts. mounts: %d, FDs: %d", mountIdx, len(g.ioFDs)) } + if err := filter.Install(); err != nil { + Fatalf("Failed to install seccomp filters: %v", err) + } + runServers(ats, g.ioFDs) return subcommands.ExitSuccess } |