author | Lennart Poettering <lennart@poettering.net> | 2014-02-13 00:24:00 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-02-13 00:24:00 +0100 |
commit | 57183d117a1d6a96d71ce99d648beb0d2b36228d (patch) | |
tree | 4b0c5b62073bf4766bd825c5d7d6b75967d7be40 /src/core/load-fragment.c | |
parent | 351a19b17d51ba0a5737f35d3c5deb8e7975fdee (diff) |
core: add SystemCallArchitectures= unit setting to allow disabling of non-native
architecture support for system calls
Also, turn system call filter bus properties into complex types instead
of concatenated strings.
Diffstat (limited to 'src/core/load-fragment.c')
-rw-r--r-- | src/core/load-fragment.c | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 1b5856e273..ec04ad28ba 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -57,6 +57,10 @@
 #include "bus-error.h"
 #include "errno-list.h"
 
+#ifdef HAVE_SECCOMP
+#include "seccomp-util.h"
+#endif
+
 #if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP)
 int config_parse_warn_compat(
 const char *unit,
@@ -2029,6 +2033,57 @@ int config_parse_syscall_filter(
 return 0;
 }
 
+int config_parse_syscall_archs(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ char *w, *state;
+ size_t l;
+ int r;
+
+ if (isempty(rvalue)) {
+ set_free(c->syscall_archs);
+ c->syscall_archs = NULL;
+ return 0;
+ }
+
+ r = set_ensure_allocated(&c->syscall_archs, trivial_hash_func, trivial_compare_func);
+ if (r < 0)
+ return log_oom();
+
+ FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ _cleanup_free_ char *t = NULL;
+ uint32_t a;
+
+ t = strndup(w, l);
+ if (!t)
+ return log_oom();
+
+ r = seccomp_arch_from_string(t, &a);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Failed to parse system call architecture, ignoring: %s", t);
+ continue;
+ }
+
+ r = set_put(c->syscall_archs, UINT32_TO_PTR(a + 1));
+ if (r == -EEXIST)
+ continue;
+ if (r < 0)
+ return log_oom();
+ }
+
+ return 0;
+}
+
 int config_parse_syscall_errno(
 const char *unit,
 const char *filename, |
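Review bot: The `a + 1` in `set_put(c->syscall_archs, UINT32_TO_PTR(a + 1))` is an unexplained encoding that every consumer of `syscall_archs` has to undo, and nothing in config_parse_syscall_archs() says so. It presumably exists so that an architecture value of 0 is never stored as a NULL set entry; a comment such as `/* stored as arch + 1 so that 0 never becomes a NULL entry; readers must subtract 1 */` above that line would keep the seccomp setup code from applying the wrong architecture. Separately, when every word fails `seccomp_arch_from_string()` the function returns 0 with an allocated but empty set, which is a different state from the NULL left by an empty assignment. The code that applies the filter is not in this file, so it is worth confirming that an empty set is treated as "native architecture only" rather than as "no restriction".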