seccomp: mount more up-to-date seccomp features

2025-02-23 03:11:12 +00:00 · 2020-07-18 00:24:16 +01:00 · 2020-07-18 00:24:16 +01:00 · 31861fd40d
commit 31861fd40d
parent bc4d32a422
2 changed files with 2 additions and 0 deletions
--- a/live-build/auto/build
+++ b/live-build/auto/build
@ -123,6 +123,7 @@ preinstall_snaps() {
 	mount --bind /proc chroot/proc
 	# Provide more up to date apparmor features, matching target kernel
 	mount -o bind /usr/share/livecd-rootfs/live-build/apparmor/generic chroot/sys/kernel/security/apparmor/features
+	mount -o bind /usr/share/livecd-rootfs/live-build/seccomp/generic.actions_avail chroot/proc/sys/kernel/seccomp/actions_avail

 	snap_validate_seed chroot

--- a/live-build/functions
+++ b/live-build/functions
@ -101,6 +101,7 @@ setup_mountpoint() {
    mount securityfs -t securityfs "$mountpoint/sys/kernel/security"
    # Provide more up to date apparmor features, matching target kernel
    mount -o bind /usr/share/livecd-rootfs/live-build/apparmor/generic "$mountpoint/sys/kernel/security/apparmor/features/"
+    mount -o bind /usr/share/livecd-rootfs/live-build/seccomp/generic.actions_avail "$mountpoint/proc/sys/kernel/seccomp/actions_avail"
    mount -t tmpfs none "$mountpoint/tmp"
    mount -t tmpfs none "$mountpoint/var/lib/apt"
    mount -t tmpfs none "$mountpoint/var/cache/apt"