path: root/src/nspawn/nspawn-seccomp.c
author: Felipe Sateler <fsateler@debian.org> 2016-08-31 10:00:35 -0300
committer: Felipe Sateler <fsateler@gmail.com> 2016-09-06 20:25:49 -0300
commit: d347d9029c7ec6b30eaaab93649105d935061b55 (patch)
tree: 56eb156c3cc79fb33a6005069e661db255982d06 /src/nspawn/nspawn-seccomp.c
parent: 29272d9e03b85deafe30ff79aa291afe7cceb430 (diff)
seccomp: also detect if seccomp filtering is enabled
In https://github.com/systemd/systemd/pull/4004, a runtime detection method for seccomp was added. However, it does not detect the case where CONFIG_SECCOMP=y but CONFIG_SECCOMP_FILTER=n. This is possible if the architecture does not support filtering yet. Add a check for that case too.

While at it, change get_proc_field usage to use PR_GET_SECCOMP prctl, as that should save a few system calls and (unnecessary) allocations. Previously, reading of /proc/self/stat was done as recommended by prctl(2) as safer. However, given that we need to do the prctl call anyway, let's skip opening, reading and parsing the file.

Code for checking inspired by https://outflux.net/teach-seccomp/autodetect.html
Diffstat (limited to 'src/nspawn/nspawn-seccomp.c')
0 files changed, 0 insertions, 0 deletions
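The two-step prctl probe the commit message describes, written out as an added example; this is not the systemd code from this commit, and the enum and function names are hypothetical. It separates the decision logic from the system calls so the CONFIG_SECCOMP=y, CONFIG_SECCOMP_FILTER=n case can be checked with constructed return values.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

#ifndef SECCOMP_MODE_FILTER
#define SECCOMP_MODE_FILTER 2 /* value from <linux/seccomp.h> */
#endif

/* Hypothetical names, chosen for this example. */
enum seccomp_support {
    SECCOMP_UNSUPPORTED = 0, /* kernel built without CONFIG_SECCOMP */
    SECCOMP_STRICT_ONLY = 1, /* CONFIG_SECCOMP=y, CONFIG_SECCOMP_FILTER=n */
    SECCOMP_FILTER_OK   = 2  /* filter mode can be used */
};

/* Pure decision logic, so it can be checked against constructed results. */
enum seccomp_support classify_seccomp(int get_ret, int set_ret, int set_errno)
{
    /* PR_GET_SECCOMP fails with EINVAL when seccomp is compiled out. */
    if (get_ret < 0)
        return SECCOMP_UNSUPPORTED;
    /* A NULL filter is rejected with EFAULT only if the kernel got as far
     * as reading the program; without filter support it is EINVAL. */
    if (set_ret < 0 && set_errno == EFAULT)
        return SECCOMP_FILTER_OK;
    return SECCOMP_STRICT_ONLY;
}

enum seccomp_support probe_seccomp(void)
{
    int get_ret, set_ret, set_errno;

    get_ret = prctl(PR_GET_SECCOMP, 0, 0, 0, 0);
    if (get_ret < 0)
        return classify_seccomp(get_ret, 0, 0);

    /* Never installs a filter: the NULL program pointer cannot be loaded. */
    errno = 0;
    set_ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
    set_errno = errno;
    return classify_seccomp(get_ret, set_ret, set_errno);
}

int main(void)
{
    static const char *const names[] = { "unsupported", "strict only", "filter available" };
    printf("seccomp: %s\n", names[probe_seccomp()]);
    return 0;
}
```

A caller that wants to apply a filter should proceed only on `SECCOMP_FILTER_OK`; the other two results mean a filter cannot be installed, so the process would run unfiltered.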