mirror/youki
1
0
Fork 0
mirror of https://github.com/containers/youki synced 2024-11-23 17:32:15 +01:00
Code Issues

small improvement.

Browse Source
This commit is contained in:
utam0k 2021-10-20 14:18:45 +09:00
parent 9ed52d9b57
commit 0d73ff2182
No known key found for this signature in database
GPG Key ID: CE4B1272D0462168
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/process/container_init_process.rs
View File

@ -311,8 +311,8 @@ pub fn container_init_process(
// Without no new privileges, seccomp is a privileged operation. We have to // Without no new privileges, seccomp is a privileged operation. We have to
// do this before dropping capabilities. Otherwise, we should do it later, // do this before dropping capabilities. Otherwise, we should do it later,
// as close to exec as possible. // as close to exec as possible.
if linux.seccomp().is_some() && proc.no_new_privileges().is_none() { if let Some(seccomp) = linux.seccomp() {
if let Some(seccomp) = linux.seccomp() { if proc.no_new_privileges().is_none() {
let notify_fd = let notify_fd =
seccomp::initialize_seccomp(seccomp).context("failed to execute seccomp")?; seccomp::initialize_seccomp(seccomp).context("failed to execute seccomp")?;
sync_seccomp(notify_fd, main_sender, init_receiver) sync_seccomp(notify_fd, main_sender, init_receiver)