seccomp: Add missing const for seccomp notify action

rata · rata · commit 7c549cb0939a · 2021-03-18T17:08:33.000+01:00
This wasn't catched before, even though we had working patches for containerd and runc in advance, as neither containerd nor runc really use these consts. In the spec this field is a string[1] and therefore when containerd parses with json.Unmarshall[2] it works just fine. With runc is not used either, as it uses a different struct in the libcontainer directory[3]. Therefore, even with patches using this change, this const definition was missed as it is not used by the patches. [1]: https://github.com/opencontainers/runtime-spec/blob/a8c4a9ee0f6b5a0b994c5c23c68725394e2b0d9d/specs-go/config.go#L641 [2]: https://github.com/containerd/containerd/blob/8dbe53a2a930af3631229e4d92cf839b64ee5a38/contrib/seccomp/seccomp.go#L36-L40 [3]: https://github.com/opencontainers/runc/pull/2682/files#diff-9915e69bab45a993d366aad4a7d47459d73ec4304b7c33942f197dd221673376R51 [4]: https://github.com/opencontainers/runtime-spec/blob/a8c4a9ee0f6b5a0b994c5c23c68725394e2b0d9d/specs-go/config.go#L614 Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
diff --git a/specs-go/config.go b/specs-go/config.go
@@ -650,6 +650,7 @@ const (
 	ActTrace       LinuxSeccompAction = "SCMP_ACT_TRACE"
 	ActAllow       LinuxSeccompAction = "SCMP_ACT_ALLOW"
 	ActLog         LinuxSeccompAction = "SCMP_ACT_LOG"
+	ActNotify      LinuxSeccompAction = "SCMP_ACT_NOTIFY"
 )
 
 // LinuxSeccompOperator used to match syscall arguments in Seccomp

Original file line number	Diff line number	Diff line change
`@@ -650,6 +650,7 @@ const (`
`650`	`650`	`ActTrace LinuxSeccompAction = "SCMP_ACT_TRACE"`
`651`	`651`	`ActAllow LinuxSeccompAction = "SCMP_ACT_ALLOW"`
`652`	`652`	`ActLog LinuxSeccompAction = "SCMP_ACT_LOG"`
	`653`	`+ ActNotify LinuxSeccompAction = "SCMP_ACT_NOTIFY"`
`653`	`654`	`)`
`654`	`655`
`655`	`656`	`// LinuxSeccompOperator used to match syscall arguments in Seccomp`