Avoid assuming `seccompFd` idx to be 0

rootless-containers / bypass4netns

[Experimental] Accelerates slirp4netns using SECCOMP_IOCTL_NOTIF_ADDFD. As fast as `--net=host`.

https://medium.com/nttlabs/accelerating-rootless-container-network-29d0e908dda4

Apache License 2.0

126 stars 6 forks source link

Avoid assuming `seccompFd` idx to be 0 #8

Closed AkihiroSuda closed 2 years ago

AkihiroSuda commented 2 years ago

https://github.com/rootless-containers/bypass4netns/blob/d1ad9bdb175cf6d9dbbb4632b3819e18aec3a56d/main.c#L250

We should parse The Container Process State JSON rather than assuming the index of seccompFd to be always 0.

fds (array, OPTIONAL) is a string array containing the names of the file descriptors passed. The index of the name in this array corresponds to index of the file descriptors in the SCM_RIGHTS array.