A seccomp profile for the entire container has been added.

[waydroid.git] / tools / helpers / lxc.py

diff --git a/tools/helpers/lxc.py b/tools/helpers/lxc.py
index a099801de4667a47e167d6f8f1809511a9b45ddf..a13f838e1b779c97740d1b9682b90ccec14f8938 100644 (file)
--- a/tools/helpers/lxc.py
+++ b/tools/helpers/lxc.py
@@ -137,6 +137,7 @@ def set_lxc_config(args):
     elif lxc_ver <= 2:
         config_file = "config_1"
     config_path = tools.config.tools_src + "/data/configs/" + config_file
+    seccomp_profile = tools.config.tools_src + "/data/configs/waydroid.seccomp"
 
     command = ["mkdir", "-p", lxc_path]
     tools.helpers.run.user(args, command)
@@ -144,6 +145,8 @@ def set_lxc_config(args):
     tools.helpers.run.user(args, command)
     command = ["sed", "-i", "s/LXCARCH/{}/".format(platform.machine()), lxc_path + "/config"]
     tools.helpers.run.user(args, command)
+    command = ["cp", "-fpr", seccomp_profile, lxc_path + "/waydroid.seccomp"]
+    tools.helpers.run.user(args, command)
 
     nodes = generate_nodes_lxc_config(args)
     config_nodes_tmp_path = args.work + "/config_nodes"