summaryrefslogtreecommitdiff
path: root/src/core/load-fragment-gperf.gperf.m4
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-02-13 01:35:27 +0100
committerLennart Poettering <lennart@poettering.net>2014-02-13 01:40:50 +0100
commitd3b1c5083359faa6cfca81810cf87ef70d0290f6 (patch)
treecfff30a9ffb6cfc83b8a23c39685ef19ba8b3a67 /src/core/load-fragment-gperf.gperf.m4
parent624b5a636f2e0003a67025274d7afe9ebc55423b (diff)
core: add a system-wide SystemCallArchitectures= setting
This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
Diffstat (limited to 'src/core/load-fragment-gperf.gperf.m4')
-rw-r--r--src/core/load-fragment-gperf.gperf.m42
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index fa559e58f9..c8add14c80 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -51,7 +51,7 @@ $1.TimerSlackNSec, config_parse_nsec, 0,
$1.NoNewPrivileges, config_parse_bool, 0, offsetof($1, exec_context.no_new_privileges)
m4_ifdef(`HAVE_SECCOMP',
`$1.SystemCallFilter, config_parse_syscall_filter, 0, offsetof($1, exec_context)
-$1.SystemCallArchitectures, config_parse_syscall_archs, 0, offsetof($1, exec_context)
+$1.SystemCallArchitectures, config_parse_syscall_archs, 0, offsetof($1, exec_context.syscall_archs)
$1.SystemCallErrorNumber, config_parse_syscall_errno, 0, offsetof($1, exec_context)',
`$1.SystemCallFilter, config_parse_warn_compat, 0, 0
$1.SystemCallArchitectures, config_parse_warn_compat, 0, 0
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-11-16 23:33:22 +0000