authorLennart Poettering <lennart@poettering.net>2014-02-13 00:24:00 +0100
committerLennart Poettering <lennart@poettering.net>2014-02-13 00:24:00 +0100
commit57183d117a1d6a96d71ce99d648beb0d2b36228d (patch)
tree4b0c5b62073bf4766bd825c5d7d6b75967d7be40 /src/core/load-fragment.c
parent351a19b17d51ba0a5737f35d3c5deb8e7975fdee (diff)
core: add SystemCallArchitectures= unit setting to allow disabling of non-native
architecture support for system calls

Also, turn system call filter bus properties into complex types instead of concatenated strings.
Diffstat (limited to 'src/core/load-fragment.c')
-rw-r--r--src/core/load-fragment.c55
1 files changed, 55 insertions, 0 deletions
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 1b5856e273..ec04ad28ba 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -57,6 +57,10 @@
#include "bus-error.h"
#include "errno-list.h"
+#ifdef HAVE_SECCOMP
+#include "seccomp-util.h"
+#endif
+
#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP)
int config_parse_warn_compat(
const char *unit,
@@ -2029,6 +2033,57 @@ int config_parse_syscall_filter(
return 0;
}
+int config_parse_syscall_archs(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ char *w, *state;
+ size_t l;
+ int r;
+
+ if (isempty(rvalue)) {
+ set_free(c->syscall_archs);
+ c->syscall_archs = NULL;
+ return 0;
+ }
+
+ r = set_ensure_allocated(&c->syscall_archs, trivial_hash_func, trivial_compare_func);
+ if (r < 0)
+ return log_oom();
+
+ FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ _cleanup_free_ char *t = NULL;
+ uint32_t a;
+
+ t = strndup(w, l);
+ if (!t)
+ return log_oom();
+
+ r = seccomp_arch_from_string(t, &a);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Failed to parse system call architecture, ignoring: %s", t);
+ continue;
+ }
+
+ r = set_put(c->syscall_archs, UINT32_TO_PTR(a + 1));
+ if (r == -EEXIST)
+ continue;
+ if (r < 0)
+ return log_oom();
+ }
+
+ return 0;
+}
+
int config_parse_syscall_errno(
const char *unit,
const char *filename,
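Review bot: The states `c->syscall_archs` can end up in after `config_parse_syscall_archs()` are not documented, and for a sandboxing setting the difference matters. An empty assignment resets it to NULL, but a value whose words all fail `seccomp_arch_from_string()` leaves an allocated, empty set, because `set_ensure_allocated()` runs before the loop and bad words are only logged and skipped. How the code that builds the seccomp filter treats NULL versus an empty set is not visible in this hunk, so it is worth confirming that a misspelled architecture list cannot end up less restrictive than the administrator intended. I would add a comment above the loop such as `/* unknown names are skipped; an empty set (as opposed to NULL) means no architecture was accepted */`. A second comment on the `set_put()` line would help, `/* stored as a + 1 so that architecture token 0 is not a NULL entry; readers must subtract 1 */`, though that is my reading of the offset rather than something the hunk states.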