author | Lennart Poettering <lennart@poettering.net> | 2014-02-18 22:14:00 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-02-18 22:14:00 +0100 |
commit | e9642be2cce7f5e90406980092a6f71f504a16af (patch) | |
tree | 261c0a274329240ef9c79f618f28fcb51f0a6a07 /src/core/execute.c | |
parent | f3d5485b805de60ee71810eeb58e82d44ce24fe1 (diff) |
seccomp: add helper call to add all secondary archs to a seccomp filter
And make use of it where appropriate for executing services and for
nspawn.
Diffstat (limited to 'src/core/execute.c')
-rw-r--r-- | src/core/execute.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index be15fb95ee..4b1177a7e5 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -957,10 +957,20 @@ static int apply_seccomp(ExecContext *c) {
 if (!seccomp)
 return -ENOMEM;
 
- SET_FOREACH(id, c->syscall_archs, i) {
- r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);
- if (r == -EEXIST)
- continue;
+ if (c->syscall_archs) {
+
+ SET_FOREACH(id, c->syscall_archs, i) {
+ r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);
+ if (r == -EEXIST)
+ continue;
+ if (r < 0) {
+ seccomp_release(seccomp);
+ return r;
+ }
+ }
+ } else {
+
+ r = seccomp_add_secondary_archs(seccomp);
 if (r < 0) {
 seccomp_release(seccomp);
 return r; |
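Review bot: The `if (c->syscall_archs)` test in apply_seccomp() only separates NULL from non-NULL, so an allocated but empty set would take the first branch and add no architecture, while NULL widens the filter to every secondary architecture through `seccomp_add_secondary_archs()`; whether the configuration parser can leave an empty set behind is not visible in this hunk. Because this branch decides which ABIs the service can issue syscalls through, it should carry a comment stating the intent, for example `/* No explicit architecture list configured: apply the filter to all secondary archs of the native one as well */` above the else branch. The loop tolerates `-EEXIST` from `seccomp_arch_add()` but the else branch treats any negative return as fatal, so it is worth confirming that the helper (defined outside this file section) already ignores `-EEXIST` itself. The `seccomp_release(seccomp); return r;` cleanup now appears twice, and the function body continues past the end of the hunk, so a shared cleanup label may fit better than a third copy later.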