diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2020-01-05 17:48:19 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2020-01-05 17:48:19 +0100 |
| commit | 438e1227121e9d4bbca7b12b6e1b715524d512c2 (patch) | |
| tree | 8c3ab34a98ec866c02b853d791c30a52f6dafb5c /pkg/host/syscalls_linux.go | |
| parent | d83499aa568e869fc4bea4e278a0f2229214b29d (diff) | |
pkg/host: fix detection of enabled LSMs
securityfs may not be mounted, but it does not mean that no LSMs are enabled.
Diffstat (limited to 'pkg/host/syscalls_linux.go')
| -rw-r--r-- | pkg/host/syscalls_linux.go | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/pkg/host/syscalls_linux.go b/pkg/host/syscalls_linux.go index 99f413981..7a8765868 100644 --- a/pkg/host/syscalls_linux.go +++ b/pkg/host/syscalls_linux.go @@ -263,7 +263,11 @@ func isSupportedLSM(c *prog.Syscall) string { lsmOnce.Do(func() { data, err := ioutil.ReadFile("/sys/kernel/security/lsm") if err != nil { - lsmError = err + // securityfs may not be mounted, but it does not mean + // that no LSMs are enabled. + if !os.IsNotExist(err) { + lsmError = err + } return } lsmDisabled = make(map[string]bool) |