diff options
| author | Dave Reisner <dreisner@archlinux.org> | 2014-02-18 14:44:14 -0500 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-02-18 21:26:24 +0100 |
| commit | f3d5485b805de60ee71810eeb58e82d44ce24fe1 (patch) | |
| tree | 40161ceea98df0ddaaa06b2f8d5f3278950585a8 | |
| parent | 4b462d1a28461b302586b117736ef288fba1012f (diff) | |
nspawn: allow 32-bit chroots from 64-bit hosts
Arch Linux uses nspawn as a container for building packages and needs
to be able to start a 32bit chroot from a 64bit host. 24fb11120756
disrupted this feature when seccomp handling was added.
| -rw-r--r-- | src/nspawn/nspawn.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 089af07886..5a2467d6e2 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -1539,6 +1539,14 @@ static int audit_still_doesnt_work_in_containers(void) { goto finish; } +#ifdef __x86_64__ + r = seccomp_arch_add(seccomp, SCMP_ARCH_X86); + if (r < 0 && r != -EEXIST) { + log_error("Failed to add x86 to seccomp filter: %s", strerror(-r)); + goto finish; + } +#endif + r = seccomp_load(seccomp); if (r < 0) log_error("Failed to install seccomp audit filter: %s", strerror(-r)); |