core: add a system-wide SystemCallArchitectures= setting

This is useful to prohibit execution of non-native processes on systems,
for example 32bit binaries on 64bit systems, this lowering the attack
service on incorrect syscall and ioctl 32→64bit mappings.

1 files changed, 5 insertions, 5 deletions

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index ec04ad28ba..c923874394 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -2045,18 +2045,18 @@ int config_parse_syscall_archs(
                 void *data,
                 void *userdata) {
 
-        ExecContext *c = data;
+        Set **archs = data;
         char *w, *state;
         size_t l;
         int r;
 
         if (isempty(rvalue)) {
-                set_free(c->syscall_archs);
-                c->syscall_archs = NULL;
+                set_free(*archs);
+                *archs = NULL;
                 return 0;
         }
 
-        r = set_ensure_allocated(&c->syscall_archs, trivial_hash_func, trivial_compare_func);
+        r = set_ensure_allocated(archs, trivial_hash_func, trivial_compare_func);
         if (r < 0)
                 return log_oom();
 
@@ -2074,7 +2074,7 @@ int config_parse_syscall_archs(
                         continue;
                 }
 
-                r = set_put(c->syscall_archs, UINT32_TO_PTR(a + 1));
+                r = set_put(*archs, UINT32_TO_PTR(a + 1));
                 if (r == -EEXIST)
                         continue;
                 if (r < 0)