Merge pull request #399 from Mashimiao/seccomp-default-fix

Mrunal Patel · web-flow · commit 2ed047ae6bdd · 2017-07-14T17:33:04.000-07:00
fix seccomp-default parse and remove problem
diff --git a/completions/bash/oci-runtime-tool b/completions/bash/oci-runtime-tool
@@ -159,11 +159,11 @@ __oci-runtime-tool_complete_seccomp_arches() {
 # context of oci-runtime-tool containers.
 __oci-runtime-tool_complete_seccomp_actions() {
 	COMPREPLY=( $( compgen -W "
-		SCMP_ACT_ALLOW
-		SCMP_ACT_ERRNO
-		SCMP_ACT_KILL
-		SCMP_ACT_TRACE
-		SCMP_ACT_TRAP
+		allow
+		errno
+		kill
+		trace
+		trap
 	" -- "$cur" ) )
 }
 __oci-runtime-tool_complete_capabilities() {
diff --git a/generate/seccomp/parse_action.go b/generate/seccomp/parse_action.go
@@ -97,7 +97,7 @@ func ParseDefaultAction(action string, config *rspec.LinuxSeccomp) error {
 		return err
 	}
 	config.DefaultAction = defaultAction
-	err = RemoveAllMatchingRules(config, action)
+	err = RemoveAllMatchingRules(config, defaultAction)
 	if err != nil {
 		return err
 	}
diff --git a/generate/seccomp/parse_remove.go b/generate/seccomp/parse_remove.go
@@ -15,12 +15,7 @@ func RemoveAction(arguments string, config *rspec.LinuxSeccomp) error {
 		return fmt.Errorf("Cannot remove action from nil Seccomp pointer")
 	}
 
-	var syscallsToRemove []string
-	if strings.Contains(arguments, ",") {
-		syscallsToRemove = strings.Split(arguments, ",")
-	} else {
-		syscallsToRemove = append(syscallsToRemove, arguments)
-	}
+	syscallsToRemove := strings.Split(arguments, ",")
 
 	for counter, syscallStruct := range config.Syscalls {
 		if reflect.DeepEqual(syscallsToRemove, syscallStruct.Names) {
@@ -42,16 +37,11 @@ func RemoveAllSeccompRules(config *rspec.LinuxSeccomp) error {
 }
 
 // RemoveAllMatchingRules will remove any syscall rules that match the specified action
-func RemoveAllMatchingRules(config *rspec.LinuxSeccomp, action string) error {
+func RemoveAllMatchingRules(config *rspec.LinuxSeccomp, seccompAction rspec.LinuxSeccompAction) error {
 	if config == nil {
 		return fmt.Errorf("Cannot remove action from nil Seccomp pointer")
 	}
 
-	seccompAction, err := parseAction(action)
-	if err != nil {
-		return err
-	}
-
 	for _, syscall := range config.Syscalls {
 		if reflect.DeepEqual(syscall.Action, seccompAction) {
 			RemoveAction(strings.Join(syscall.Names, ","), config)
diff --git a/man/oci-runtime-tool-generate.1.md b/man/oci-runtime-tool-generate.1.md
@@ -201,11 +201,11 @@ read the configuration from `config.json`.
 
 **--linux-seccomp-default**=ACTION
   Specifies the the default action of Seccomp syscall restrictions and removes existing restrictions with the specified action
-  Values: KILL,ERRNO,TRACE,ALLOW
+  Values: kill, trap, errno, trace, allow
 
 **--linux-seccomp-default-force**=ACTION
   Specifies the the default action of Seccomp syscall restrictions
-  Values: KILL,ERRNO,TRACE,ALLOW
+  Values: kill, trap, errno, trace, allow
 
 **--linux-seccomp-errno**=SYSCALL
   Specifies syscalls to create seccomp rule to respond with ERRNO.

Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ func ParseDefaultAction(action string, config *rspec.LinuxSeccomp) error {`
`97`	`97`	`return err`
`98`	`98`	`}`
`99`	`99`	`config.DefaultAction = defaultAction`
`100`		`- err = RemoveAllMatchingRules(config, action)`
	`100`	`+ err = RemoveAllMatchingRules(config, defaultAction)`
`101`	`101`	`if err != nil {`
`102`	`102`	`return err`
`103`	`103`	`}`