config: add support for seccomp_log

diff --git a/cmdline.cc b/cmdline.cc
index bd80a727a651a15b38dea7355357d6bade54c65e..ca47468901aadc59f611efd335b14757a8869675 100644 (file)
--- a/cmdline.cc
+++ b/cmdline.cc
@@ -450,7 +450,7 @@ std::unique_ptr<nsjconf_t> parseArgs(int argc, char* argv[]) {
        nsjconf->num_cpus = sysconf(_SC_NPROCESSORS_ONLN);
        nsjconf->seccomp_fprog.filter = NULL;
        nsjconf->seccomp_fprog.len = 0;
-        nsjconf->seccomp_log = false;
+       nsjconf->seccomp_log = false;
 
        nsjconf->openfds.push_back(STDIN_FILENO);
        nsjconf->openfds.push_back(STDOUT_FILENO);

diff --git a/config.cc b/config.cc
index f23135490778146c38a12cdc7e6de078cf523d7a..9ff1824e7f5cd13992947b47ccd375c6583b0309 100644 (file)
--- a/config.cc
+++ b/config.cc
@@ -234,6 +234,7 @@ static bool configParseInternal(nsjconf_t* nsjconf, const nsjail::NsJailConfig&
                nsjconf->kafel_string += njc.seccomp_string(i);
                nsjconf->kafel_string += '\n';
        }
+       nsjconf->seccomp_log = njc.seccomp_log();
 
        nsjconf->cgroup_mem_max = njc.cgroup_mem_max();
        nsjconf->cgroup_mem_mount = njc.cgroup_mem_mount();

diff --git a/config.proto b/config.proto
index b0103f81360eb16c4537f51391bae150fc824086..889129ced078b3c5ffa20a5bfdb2311098ba2168 100644 (file)
--- a/config.proto
+++ b/config.proto
@@ -184,6 +184,7 @@ message NsJailConfig {
        Homepage of the project: https://github.com/google/kafel */
     optional string seccomp_policy_file = 57;
     repeated string seccomp_string = 58;
+    optional bool seccomp_log = 77 [default = false];
 
     /* If > 0, maximum cumulative size of RAM used inside any jail */
     optional uint64 cgroup_mem_max = 59 [default = 0]; /* In MiB */