seccomp: Use explicit DefaultErrnoRet

rata · rata · commit fb794166d940 · 2021-07-30T19:13:21.000+02:00
Since commit "seccomp: Sync fields with runtime-spec fields" (5d24467) we support to specify the DefaultErrnoRet to be used. Before that commit it was not specified and EPERM was used by default. This commit keeps the same behaviour but just makes it explicit that the default is EPERM. Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
@@ -1,5 +1,6 @@
 {
 	"defaultAction": "SCMP_ACT_ERRNO",
+	"defaultErrnoRet": 1,
 	"archMap": [
 		{
 			"architecture": "SCMP_ARCH_X86_64",
diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go
@@ -739,9 +739,11 @@ func DefaultProfile() *Seccomp {
 		},
 	}
 
+	errnoRet := uint(unix.EPERM)
 	return &Seccomp{
 		LinuxSeccomp: specs.LinuxSeccomp{
-			DefaultAction: specs.ActErrno,
+			DefaultAction:   specs.ActErrno,
+			DefaultErrnoRet: &errnoRet,
 		},
 		ArchMap:  arches(),
 		Syscalls: syscalls,
diff --git a/profiles/seccomp/fixtures/example.json b/profiles/seccomp/fixtures/example.json
@@ -1,5 +1,6 @@
 {
     "defaultAction": "SCMP_ACT_ERRNO",
+    "defaultErrnoRet": 1,
     "syscalls": [
         {
             "name": "clone",
diff --git a/profiles/seccomp/seccomp_test.go b/profiles/seccomp/seccomp_test.go
@@ -23,8 +23,10 @@ func TestLoadProfile(t *testing.T) {
 		t.Fatal(err)
 	}
 	var expectedErrno uint = 12345
+	var expectedDefaultErrno uint = 1
 	expected := specs.LinuxSeccomp{
-		DefaultAction: specs.ActErrno,
+		DefaultAction:   specs.ActErrno,
+		DefaultErrnoRet: &expectedDefaultErrno,
 		Syscalls: []specs.LinuxSyscall{
 			{
 				Names:  []string{"clone"},

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"defaultAction": "SCMP_ACT_ERRNO",`
	`3`	`+ "defaultErrnoRet": 1,`
`3`	`4`	`"archMap": [`
`4`	`5`	`{`
`5`	`6`	`"architecture": "SCMP_ARCH_X86_64",`
Original file line number	Diff line number	Diff line change
`@@ -23,8 +23,10 @@ func TestLoadProfile(t *testing.T) {`
`23`	`23`	`t.Fatal(err)`
`24`	`24`	`}`
`25`	`25`	`var expectedErrno uint = 12345`
	`26`	`+ var expectedDefaultErrno uint = 1`
`26`	`27`	`expected := specs.LinuxSeccomp{`
`27`		`- DefaultAction: specs.ActErrno,`
	`28`	`+ DefaultAction: specs.ActErrno,`
	`29`	`+ DefaultErrnoRet: &expectedDefaultErrno,`
`28`	`30`	`Syscalls: []specs.LinuxSyscall{`
`29`	`31`	`{`
`30`	`32`	`Names: []string{"clone"},`