From ce5a138c79ed56fe0170578b9e462bfa09c4e5dd Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov
Date: Sat, 18 Jul 2020 00:24:16 +0100
Subject: [PATCH] seccomp: mount more up-to-date seccomp features

(cherry picked from commit 31861fd40dabd62e789aeb6d9e64b1ada7b908d8)
---
 live-build/auto/build | 1 +
 live-build/functions | 1 +
 2 files changed, 2 insertions(+)

diff --git a/live-build/auto/build b/live-build/auto/build
index 154d95a3..2d3e2431 100755
--- a/live-build/auto/build
+++ b/live-build/auto/build
@@ -123,6 +123,7 @@ preinstall_snaps() {
 mount --bind /proc chroot/proc
 # Provide more up to date apparmor features, matching target kernel
 mount -o bind /usr/share/livecd-rootfs/live-build/apparmor/generic chroot/sys/kernel/security/apparmor/features
+ mount -o bind /usr/share/livecd-rootfs/live-build/seccomp/generic.actions_avail chroot/proc/sys/kernel/seccomp/actions_avail
 snap_validate_seed chroot
diff --git a/live-build/functions b/live-build/functions
index 19d793b7..0c9df1a0 100644
--- a/live-build/functions
+++ b/live-build/functions
@@ -107,6 +107,7 @@ setup_mountpoint() {
 mount securityfs -t securityfs "$mountpoint/sys/kernel/security"
 # Provide more up to date apparmor features, matching target kernel
 mount -o bind /usr/share/livecd-rootfs/live-build/apparmor/generic "$mountpoint/sys/kernel/security/apparmor/features/"
+ mount -o bind /usr/share/livecd-rootfs/live-build/seccomp/generic.actions_avail "$mountpoint/proc/sys/kernel/seccomp/actions_avail"
 mount -t tmpfs none "$mountpoint/tmp"
 mount -t tmpfs none "$mountpoint/var/lib/apt"
 mount -t tmpfs none "$mountpoint/var/cache/apt"
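Review bot: The added bind mount in `preinstall_snaps` lands on `chroot/proc`, which the line above creates as a bind of the build host's `/proc`. If that mount is shared (the usual default on systemd hosts), the overlay can propagate back and mask the host's own `/proc/sys/kernel/seccomp/actions_avail` for the duration of the build. Nothing in the hunk shows the build running in a private mount namespace, so consider adding `mount --make-private chroot/proc` right after the `/proc` bind, or a comment stating where propagation is already cut off. The same question applies to the `setup_mountpoint` hunk in `live-build/functions` if its `$mountpoint/proc` is set up the same way, which is not visible here. The body of `preinstall_snaps` continues outside the hunk, so confirm its cleanup unmounts this file before `chroot/proc`.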
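Review bot: The new mount in `setup_mountpoint` assumes `"$mountpoint/proc/sys/kernel/seccomp/actions_avail"` already exists. That holds only if procfs is mounted at `$mountpoint/proc` earlier in the function (outside this hunk) and the build host's kernel exposes the seccomp sysctls. On a host that predates them, the bind has no target and fails, so a guard such as `if [ -e "$mountpoint/proc/sys/kernel/seccomp/actions_avail" ]; then mount -o bind ...; fi` would keep builds working there. The added line also has no comment of its own; something like `# Advertise the target kernel's seccomp actions rather than the build host's` would separate it from the apparmor comment above it. The `preinstall_snaps` hunk in `live-build/auto/build` makes the same assumption about the host kernel.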