ignore some docker craziness in scccomp environment checks

Robert Muir 2016-08-02 12:19:38 -04:00
parent 9f88a8194a
commit f77e8a512c
1 changed files with 15 additions and 1 deletions


@ -200,6 +200,7 @@ final class Seccomp {
static final int SECCOMP_RET_ALLOW = 0x7FFF0000;
// some errno constants for error checking/handling
static final int EPERM = 0x01;
static final int EACCES = 0x0D;
static final int EFAULT = 0x0E;
static final int EINVAL = 0x16;
@ -275,7 +276,20 @@ final class Seccomp {
// check that unimplemented syscalls actually return ENOSYS
// you never know (e.g. https://code.google.com/p/chromium/issues/detail?id=439795)
if (linux_syscall(999) >= 0 || Native.getLastError() != ENOSYS) {
if (linux_syscall(999) >= 0) {
throw new UnsupportedOperationException("seccomp unavailable: your kernel is buggy and you should upgrade");
}
switch (Native.getLastError()) {
case ENOSYS:
break; // ok
case EPERM:
// NOT ok, but likely a docker container
if (logger.isDebugEnabled()) {
logger.debug("syscall(BOGUS) bogusly gets EPERM instead of ENOSYS");
}
break;
default:
throw new UnsupportedOperationException("seccomp unavailable: your kernel is buggy and you should upgrade");
}
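Review bot: The `case EPERM:` branch lets seccomp setup continue after the ENOSYS probe returned the wrong errno, and the only trace is `logger.debug(...)`, so unless debug logging is enabled there is no record that this sanity check was waived. The comment `// NOT ok, but likely a docker container` should say why continuing is acceptable, presumably because an outer filter applied by the container runtime answers the unknown syscall before the kernel does (worth confirming). Logging the condition with `logger.warn(...)` would keep it visible. The `default:` branch repeats the "kernel is buggy" message without the value that was actually seen; reading it once with `final int errno = Native.getLastError();` and appending it to the exception text would make other unexpected environments diagnosable. The enclosing method starts and ends outside this section.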